CWE-782
Exposed IOCTL with Insufficient Access Control
The product implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL.
CVE-2023-35841 (GCVE-0-2023-35841)
Vulnerability from cvelistv5 – Published: 2024-05-14 14:56 – Updated: 2025-07-28 20:49
VLAI
Title
WinFlash Driver Permissions Issue
Summary
Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Driver on Windows allows Privilege Escalation which allows for modification of system firmware.This issue affects WinFlash Driver: before 4.5.0.0.
Severity
7.8 (High)
CWE
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Phoenix | WinFlash Driver |
Affected:
0 , < 4.5.0.0
(semver)
|
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:phoenix:winflash_driver:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "winflash_driver",
"vendor": "phoenix",
"versions": [
{
"lessThan": "4.5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35841",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T18:32:21.876164Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:18:27.432Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:30:45.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.phoenix.com/security-notifications/cve-2023-35841/"
},
{
"tags": [
"x_transferred"
],
"url": "https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU93886750/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "WinFlash Driver",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.5.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Takahiro Haruyama of Broadcom"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Driver on Windows allows Privilege Escalation which allows for modification of system firmware.\u003cp\u003eThis issue affects WinFlash Driver: before 4.5.0.0.\u003c/p\u003e"
}
],
"value": "Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Driver on Windows allows Privilege Escalation which allows for modification of system firmware.This issue affects WinFlash Driver: before 4.5.0.0."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-782",
"description": "CWE-782 Exposed IOCTL with Insufficient Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T20:49:33.663Z",
"orgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"shortName": "Phoenix"
},
"references": [
{
"url": "https://phoenixtech.com/phoenix-security-notifications/cve-2023-35841/"
},
{
"url": "https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93886750/index.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WinFlash Driver Permissions Issue",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"assignerShortName": "Phoenix",
"cveId": "CVE-2023-35841",
"datePublished": "2024-05-14T14:56:14.743Z",
"dateReserved": "2023-06-19T00:35:50.974Z",
"dateUpdated": "2025-07-28T20:49:33.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-44976 (GCVE-0-2023-44976)
Vulnerability from cvelistv5 – Published: 2025-08-01 00:00 – Updated: 2025-08-01 14:28
VLAI
Summary
Hangzhou Shunwang Rentdrv2 before 2024-12-24 allows local users to terminate EDR processes and possibly have unspecified other impact via DeviceIoControl with control code 0x22E010, as exploited in the wild in October 2023.
Severity
CWE
- CWE-782 - Exposed IOCTL with Insufficient Access Control
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Hangzhou Shunwang | Rentdrv2 |
Affected:
1aed62a63b4802e599bbd33162319129501d603cceeb5e1eb22fd4733b3018a3
(custom)
Affected: 9165d4f3036919a96b86d24b64d75d692802c7513f2b3054b20be40c212240a5 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44976",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-01T14:27:49.967204Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-01T14:28:01.549Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Rentdrv2",
"vendor": "Hangzhou Shunwang",
"versions": [
{
"status": "affected",
"version": "1aed62a63b4802e599bbd33162319129501d603cceeb5e1eb22fd4733b3018a3",
"versionType": "custom"
},
{
"status": "affected",
"version": "9165d4f3036919a96b86d24b64d75d692802c7513f2b3054b20be40c212240a5",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Hangzhou Shunwang Rentdrv2 before 2024-12-24 allows local users to terminate EDR processes and possibly have unspecified other impact via DeviceIoControl with control code 0x22E010, as exploited in the wild in October 2023."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-782",
"description": "CWE-782 Exposed IOCTL with Insufficient Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-01T13:43:36.843Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/keowu/BadRentdrv2"
},
{
"url": "https://unit42.paloaltonetworks.com/agonizing-serpens-targets-israeli-tech-higher-ed-sectors/"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-44976",
"datePublished": "2025-08-01T00:00:00.000Z",
"dateReserved": "2023-10-02T00:00:00.000Z",
"dateUpdated": "2025-08-01T14:28:01.549Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0141 (GCVE-0-2024-0141)
Vulnerability from cvelistv5 – Published: 2025-03-05 01:33 – Updated: 2025-03-05 14:47
VLAI
Summary
NVIDIA Hopper HGX for 8-GPU contains a vulnerability in the GPU vBIOS that may allow a malicious actor with tenant level GPU access to write to an unsupported registry causing a bad state. A successful exploit of this vulnerability may lead to denial of service.
Severity
6.8 (Medium)
CWE
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| NVIDIA | NVIDIA Hopper HGX 8-GPU |
Affected:
HGX-22.10-1-rc67 (1.5.0)
Affected: HGX-22.10-1-rc63 (1.4.0) Affected: HGX-22.10-1-rc59 (1.3.2) Affected: HGX-22.10-1-rc57 (1.3.0/1.3.1) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0141",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T14:46:55.000200Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T14:47:04.987Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"HMC"
],
"product": "NVIDIA Hopper HGX 8-GPU",
"vendor": "NVIDIA",
"versions": [
{
"status": "affected",
"version": "HGX-22.10-1-rc67 (1.5.0)"
},
{
"status": "affected",
"version": "HGX-22.10-1-rc63 (1.4.0)"
},
{
"status": "affected",
"version": "HGX-22.10-1-rc59 (1.3.2)"
},
{
"status": "affected",
"version": "HGX-22.10-1-rc57 (1.3.0/1.3.1)"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNVIDIA Hopper HGX for 8-GPU contains a vulnerability in the GPU vBIOS that may allow a malicious actor with tenant level GPU access to write to an unsupported registry causing a bad state. A successful exploit of this vulnerability may lead to denial of service.\u003c/span\u003e\n\n\u003c/span\u003e"
}
],
"value": "NVIDIA Hopper HGX for 8-GPU contains a vulnerability in the GPU vBIOS that may allow a malicious actor with tenant level GPU access to write to an unsupported registry causing a bad state. A successful exploit of this vulnerability may lead to denial of service."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Denial of service"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-782",
"description": "CWE-782",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T01:35:24.789Z",
"orgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"shortName": "nvidia"
},
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5561"
}
],
"source": {
"discovery": "INTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9576f279-3576-44b5-a4af-b9a8644b2de6",
"assignerShortName": "nvidia",
"cveId": "CVE-2024-0141",
"datePublished": "2025-03-05T01:33:55.125Z",
"dateReserved": "2023-12-02T00:42:51.800Z",
"dateUpdated": "2025-03-05T14:47:04.987Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4196 (GCVE-0-2024-4196)
Vulnerability from cvelistv5 – Published: 2024-06-25 04:00 – Updated: 2025-10-01 01:32
VLAI
Title
Avaya IP Office Web Control RCE Vulnerability
Summary
An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to 11.1.3.1.
Severity
10 (Critical)
CWE
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:avaya:ip_office:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "ip_office",
"vendor": "avaya",
"versions": [
{
"lessThanOrEqual": "11.1.3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4196",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T03:55:31.961Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:33:52.951Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://download.avaya.com/css/public/documents/101090768"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"Web Control"
],
"product": "IP Office",
"vendor": "Avaya",
"versions": [
{
"lessThan": "11.1.3.1",
"status": "affected",
"version": "0",
"versionType": "11.1.3.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eimproper input validation vulnerability \u003c/span\u003e was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to 11.1.3.1.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to 11.1.3.1."
}
],
"impacts": [
{
"capecId": "CAPEC-253",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-253 Remote Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-782",
"description": "CWE-782",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-01T01:32:20.651Z",
"orgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
"shortName": "avaya"
},
"references": [
{
"url": "https://download.avaya.com/css/public/documents/101090768"
}
],
"source": {
"defect": [
"IPOFFICE-171836"
],
"discovery": "EXTERNAL"
},
"title": "Avaya IP Office Web Control RCE Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9d670455-bdb5-4cca-a883-5914865f5d96",
"assignerShortName": "avaya",
"cveId": "CVE-2024-4196",
"datePublished": "2024-06-25T04:00:30.307Z",
"dateReserved": "2024-04-25T16:34:11.466Z",
"dateUpdated": "2025-10-01T01:32:20.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-27535 (GCVE-0-2025-27535)
Vulnerability from cvelistv5 – Published: 2026-02-10 16:25 – Updated: 2026-02-10 17:35
VLAI
Summary
Exposed ioctl with insufficient access control in the firmware for some Intel(R) Ethernet Connection E825-C. before version NVM ver. 3.84 within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a high complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Severity
5.3 (Medium)
CWE
- Denial of Service
- CWE-782 - Exposed IOCTL with Insufficient Access Control
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Intel(R) Ethernet Connection E825-C. |
Affected:
before version NVM ver. 3.84
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27535",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-10T17:35:08.544486Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T17:35:13.129Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Intel(R) Ethernet Connection E825-C.",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "before version NVM ver. 3.84"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exposed ioctl with insufficient access control in the firmware for some Intel(R) Ethernet Connection E825-C. before version NVM ver. 3.84 within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a high complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"cvssV4_0": {
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en"
},
{
"cweId": "CWE-782",
"description": "Exposed IOCTL with Insufficient Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-10T16:25:24.509Z",
"orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"shortName": "intel"
},
"references": [
{
"name": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01171.html",
"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01171.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
"assignerShortName": "intel",
"cveId": "CVE-2025-27535",
"datePublished": "2026-02-10T16:25:24.509Z",
"dateReserved": "2025-03-11T03:00:20.541Z",
"dateUpdated": "2026-02-10T17:35:13.129Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-47761 (GCVE-0-2025-47761)
Vulnerability from cvelistv5 – Published: 2025-11-18 17:01 – Updated: 2026-01-14 09:17
VLAI
Summary
An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.9 may allow an authenticated local user to execute unauthorized code via fortips driver. Success of the attack would require bypassing the Windows memory protections such as Heap integrity and HSP. In addition, it requires a valid and running VPN IPSec connection.
Severity
CWE
- CWE-782 - Execute unauthorized code or commands
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Fortinet | FortiClientWindows |
Affected:
7.4.0 , ≤ 7.4.3
(semver)
Affected: 7.2.0 , ≤ 7.2.9 (semver) cpe:2.3:a:fortinet:forticlientwindows:7.4.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.4.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.4.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.4.0:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.2.9:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.2.8:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.2.7:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.2.6:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.2.5:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.2.4:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.2.3:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.2.2:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.2.1:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlientwindows:7.2.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-47761",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T21:11:44.141602Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T21:11:52.011Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:fortinet:forticlientwindows:7.4.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.4.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.4.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.2.9:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.2.8:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.2.7:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.2.6:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.2.5:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.2.4:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.2.3:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.2.2:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.2.1:*:*:*:*:*:*:*",
"cpe:2.3:a:fortinet:forticlientwindows:7.2.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "FortiClientWindows",
"vendor": "Fortinet",
"versions": [
{
"lessThanOrEqual": "7.4.3",
"status": "affected",
"version": "7.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.9",
"status": "affected",
"version": "7.2.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.9 may allow an authenticated local user to execute unauthorized code via fortips driver. Success of the attack would require bypassing the Windows memory protections such as Heap integrity and HSP. In addition, it requires a valid and running VPN IPSec connection."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-782",
"description": "Execute unauthorized code or commands",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-14T09:17:43.864Z",
"orgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"shortName": "fortinet"
},
"references": [
{
"name": "https://fortiguard.fortinet.com/psirt/FG-IR-25-112",
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-112"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to FortiClientWindows version 7.4.4 or above\nUpgrade to FortiClientWindows version 7.2.10 or above"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "6abe59d8-c742-4dff-8ce8-9b0ca1073da8",
"assignerShortName": "fortinet",
"cveId": "CVE-2025-47761",
"datePublished": "2025-11-18T17:01:11.767Z",
"dateReserved": "2025-05-09T14:40:26.906Z",
"dateUpdated": "2026-01-14T09:17:43.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7771 (GCVE-0-2025-7771)
Vulnerability from cvelistv5 – Published: 2025-08-06 09:35 – Updated: 2025-08-06 20:25
VLAI
Title
Code Execution / Escalation of Privileges in ThrottleStop
Summary
ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This insecure implementation can be exploited by a malicious user-mode application to patch the running Windows kernel and invoke arbitrary kernel functions with ring-0 privileges. The vulnerability enables local attackers to execute arbitrary code in kernel context, resulting in privilege escalation and potential follow-on attacks, such as disabling security software or bypassing kernel-level protections. ThrottleStop.sys version 3.0.0.0 and possibly others are affected. Apply updates per vendor instructions.
Severity
CWE
- CWE-782 - Exposed IOCTL with Insufficient Access Control
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TechPowerUp | ThrottleStop |
Affected:
3.0.0.0 and possibly others
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7771",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-06T20:25:22.406662Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T20:25:31.602Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"packageName": "ThrottleStop.sys",
"product": "ThrottleStop",
"vendor": "TechPowerUp",
"versions": [
{
"status": "affected",
"version": "3.0.0.0 and possibly others"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This insecure implementation can be exploited by a malicious user-mode application to patch the running Windows kernel and invoke arbitrary kernel functions with ring-0 privileges. The vulnerability enables local attackers to execute arbitrary code in kernel context, resulting in privilege escalation and potential follow-on attacks, such as disabling security software or bypassing kernel-level protections.\u0026nbsp;ThrottleStop.sys version 3.0.0.0 and possibly others are affected. Apply updates per vendor instructions."
}
],
"value": "ThrottleStop.sys, a legitimate driver, exposes two IOCTL interfaces that allow arbitrary read and write access to physical memory via the MmMapIoSpace function. This insecure implementation can be exploited by a malicious user-mode application to patch the running Windows kernel and invoke arbitrary kernel functions with ring-0 privileges. The vulnerability enables local attackers to execute arbitrary code in kernel context, resulting in privilege escalation and potential follow-on attacks, such as disabling security software or bypassing kernel-level protections.\u00a0ThrottleStop.sys version 3.0.0.0 and possibly others are affected. Apply updates per vendor instructions."
}
],
"impacts": [
{
"capecId": "CAPEC-679",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-679: Exploitation of Improperly Configured or Implemented Memory Protections"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-782",
"description": "CWE-782: Exposed IOCTL with Insufficient Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-06T09:35:00.684Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"url": "https://github.com/klsecservices/Advisories/blob/master/K-TechPowerUp-2025-001.md"
},
{
"url": "https://www.techpowerup.com/download/techpowerup-throttlestop/"
},
{
"url": "https://securelist.com/av-killer-exploiting-throttlestop-sys/117026/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Code Execution / Escalation of Privileges in ThrottleStop",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2025-7771",
"datePublished": "2025-08-06T09:35:00.684Z",
"dateReserved": "2025-07-17T15:54:18.122Z",
"dateUpdated": "2025-08-06T20:25:31.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8061 (GCVE-0-2025-8061)
Vulnerability from cvelistv5 – Published: 2025-09-11 18:34 – Updated: 2025-09-22 15:48
VLAI
Summary
A potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0 and Dispatcher 3.1 drivers used by some Lenovo consumer notebooks that could allow an authenticated local user to execute code with elevated privileges. The Lenovo Dispatcher 3.2 driver is not affected. This vulnerability does not affect systems when the Windows feature Core Isolation Memory Integrity is enabled. Lenovo systems preloaded with Windows 11 have this feature enabled by default.
Severity
CWE
- CWE-782 - Exposed IOCTL with Insufficient Access Control
Assigner
References
1 reference
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Lenovo | Dispatcher 3.0 Driver |
Affected:
0 , < 3.1.0.41
(custom)
|
|
| Lenovo | Dispatcher 3.1 Driver |
Affected:
0 , < 3.1.0.41
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8061",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-11T18:54:27.451797Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-11T18:54:41.582Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Dispatcher 3.0 Driver",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.1.0.41",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Dispatcher 3.1 Driver",
"vendor": "Lenovo",
"versions": [
{
"lessThan": "3.1.0.41",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lenovo:dispatcher_3.0_driver:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1.0.41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:lenovo:dispatcher_3.1_driver:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1.0.41",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Lenovo thanks YiShun Zeng and Luis Casvella of Quarkslab for independently reporting this issue."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0 and Dispatcher 3.1 drivers used by some Lenovo consumer notebooks that could allow an authenticated local user to execute code with elevated privileges. The Lenovo Dispatcher 3.2 driver is not affected. This vulnerability does not affect systems when the Windows feature Core Isolation Memory Integrity is enabled. Lenovo systems preloaded with Windows 11 have this feature enabled by default.\u003c/span\u003e"
}
],
"value": "A potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0 and Dispatcher 3.1 drivers used by some Lenovo consumer notebooks that could allow an authenticated local user to execute code with elevated privileges. The Lenovo Dispatcher 3.2 driver is not affected. This vulnerability does not affect systems when the Windows feature Core Isolation Memory Integrity is enabled. Lenovo systems preloaded with Windows 11 have this feature enabled by default."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-782",
"description": "CWE-782: Exposed IOCTL with Insufficient Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-22T15:48:36.752Z",
"orgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"shortName": "lenovo"
},
"references": [
{
"url": "https://support.lenovo.com/us/en/product_security/LEN-200860"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eUpdate\u0026nbsp;to the version (or newer) indicated for your model in the Product Impact section in the advisory:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://support.lenovo.com/us/en/product_security/LEN-200860\"\u003ehttps://support.lenovo.com/us/en/product_security/LEN-200860\u003c/a\u003e\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "Update\u00c2\u00a0to the version (or newer) indicated for your model in the Product Impact section in the advisory:\u00c2\u00a0 https://support.lenovo.com/us/en/product_security/LEN-200860"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "da227ddf-6e25-4b41-b023-0f976dcaca4b",
"assignerShortName": "lenovo",
"cveId": "CVE-2025-8061",
"datePublished": "2025-09-11T18:34:52.421Z",
"dateReserved": "2025-07-22T20:46:17.396Z",
"dateUpdated": "2025-09-22T15:48:36.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-4483 (GCVE-0-2026-4483)
Vulnerability from cvelistv5 – Published: 2026-04-08 07:25 – Updated: 2026-04-08 13:53
VLAI
Summary
An exposed IOCTL with an insufficient access control vulnerability has been identified in the utility, MxGeneralIo, for Moxa’s industrial x86 computers. The affected utility, MxGeneralIo, exposes IOCTL methods that permit direct read and write access to MSR and system memory. A local attacker with high privileges could abuse these interfaces to perform unauthorized operations. Successful exploitation may result in privilege escalation on Windows 7 systems or cause a system crash (BSoD) on Windows 10 and 11 systems, leading to a denial-of-service condition. The vulnerability could slightly affect the confidentiality and integrity of the device, but availability might be heavily impacted. No impact to the subsequent system has been identified.
Severity
CWE
- CWE-782 - Exposed IOCTL with Insufficient Access Control
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.moxa.com/en/support/product-support/s… | vendor-advisory |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| Moxa | MxGeneralIo |
Affected:
1.0 , < 1.4.0
(custom)
|
|
| Moxa | MxGeneralIo |
Affected:
1.0 , < 1.5.0
(custom)
|
|
| Moxa | MxGeneralIo |
Affected:
1.0 , < 1.4.0
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4483",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-08T13:53:18.890748Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T13:53:26.094Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows 7 x86"
],
"product": "MxGeneralIo",
"vendor": "Moxa",
"versions": [
{
"lessThan": "1.4.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows 10",
"Windows 11"
],
"product": "MxGeneralIo",
"vendor": "Moxa",
"versions": [
{
"lessThan": "1.5.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"Windows 7 x64"
],
"product": "MxGeneralIo",
"vendor": "Moxa",
"versions": [
{
"lessThan": "1.4.0",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moxa:mxgeneralio:*:*:windows_7_x86:*:*:*:*:*",
"versionEndExcluding": "1.4.0",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moxa:mxgeneralio:*:*:windows_10:*:*:*:*:*",
"versionEndExcluding": "1.5.0",
"versionStartIncluding": "1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:moxa:mxgeneralio:*:*:windows_11:*:*:*:*:*",
"versionEndExcluding": "1.5.0",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moxa:mxgeneralio:*:*:windows_7_x64:*:*:*:*:*",
"versionEndExcluding": "1.4.0",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jason Huang from TXOne Networks Inc."
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An exposed IOCTL with an\u0026nbsp; insufficient access control vulnerability has been identified in the utility, MxGeneralIo, for Moxa\u2019s industrial x86 computers.\u0026nbsp;The affected utility, MxGeneralIo, exposes IOCTL methods that permit direct read and write access to MSR and system memory.\u0026nbsp;A local attacker with high privileges could abuse these interfaces to perform unauthorized operations.\u0026nbsp;Successful exploitation may result in privilege escalation on Windows 7 systems or cause a system crash (BSoD) on Windows 10 and 11 systems, leading to a denial-of-service condition.\u0026nbsp;The vulnerability could slightly affect the confidentiality and integrity of the device, but availability might be heavily impacted.\u0026nbsp;No impact to the subsequent system has been identified."
}
],
"value": "An exposed IOCTL with an\u00a0 insufficient access control vulnerability has been identified in the utility, MxGeneralIo, for Moxa\u2019s industrial x86 computers.\u00a0The affected utility, MxGeneralIo, exposes IOCTL methods that permit direct read and write access to MSR and system memory.\u00a0A local attacker with high privileges could abuse these interfaces to perform unauthorized operations.\u00a0Successful exploitation may result in privilege escalation on Windows 7 systems or cause a system crash (BSoD) on Windows 10 and 11 systems, leading to a denial-of-service condition.\u00a0The vulnerability could slightly affect the confidentiality and integrity of the device, but availability might be heavily impacted.\u00a0No impact to the subsequent system has been identified."
}
],
"impacts": [
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122: Privilege Abuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-782",
"description": "CWE-782: Exposed IOCTL with Insufficient Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T09:31:29.457Z",
"orgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"shortName": "Moxa"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-254811-cve-2026-4483-exposed-ioctl-with-insufficient-access-control-vulnerability-in-the-utility-for-x86-computers"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "2e0a0ee2-d866-482a-9f5e-ac03d156dbaa",
"assignerShortName": "Moxa",
"cveId": "CVE-2026-4483",
"datePublished": "2026-04-08T07:25:03.348Z",
"dateReserved": "2026-03-20T06:25:28.602Z",
"dateUpdated": "2026-04-08T13:53:26.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6737 (GCVE-0-2026-6737)
Vulnerability from cvelistv5 – Published: 2026-05-08 02:00 – Updated: 2026-05-08 13:02
VLAI
Summary
An Exposed IOCTL with Insufficient Access Control vulnerability in AsusPTPFilter allows a local user to bypass driver security mechanisms and obtain restricted touchpad information or render the touchpad unusable via crafted IOCTL requests.Refer to the '
Security Update for ASUS Precision Touchpad ' section on the ASUS Security Advisory for more information.
Severity
CWE
- CWE-782 - Exposed IOCTL with Insufficient Access Control
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ASUS | AsusPTPFilter |
Affected:
0 , ≤ 16.0.0.45
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6737",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-08T13:02:21.513795Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-08T13:02:29.276Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "AsusPTPFilter",
"vendor": "ASUS",
"versions": [
{
"lessThanOrEqual": "16.0.0.45",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asus:asusptpfilter:*:*:*:*:*:*:*:*",
"versionEndIncluding": "16.0.0.45",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Exposed IOCTL with Insufficient Access Control vulnerability in AsusPTPFilter allows a local user to bypass driver security mechanisms and obtain restricted touchpad information or render the touchpad unusable\u0026nbsp;via crafted IOCTL requests.\u003cdiv\u003eRefer to the \u0027\nSecurity Update for ASUS Precision Touchpad\u0026nbsp;\u0027 section on the ASUS Security Advisory for more information.\u003c/div\u003e"
}
],
"value": "An Exposed IOCTL with Insufficient Access Control vulnerability in AsusPTPFilter allows a local user to bypass driver security mechanisms and obtain restricted touchpad information or render the touchpad unusable\u00a0via crafted IOCTL requests.Refer to the \u0027\nSecurity Update for ASUS Precision Touchpad\u00a0\u0027 section on the ASUS Security Advisory for more information."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 2,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-782",
"description": "CWE-782: Exposed IOCTL with Insufficient Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-08T02:00:26.422Z",
"orgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"shortName": "ASUS"
},
"references": [
{
"url": "https://www.asus.com/security-advisory"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"assignerShortName": "ASUS",
"cveId": "CVE-2026-6737",
"datePublished": "2026-05-08T02:00:26.422Z",
"dateReserved": "2026-04-21T06:25:50.061Z",
"dateUpdated": "2026-05-08T13:02:29.276Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Mitigation
Phase: Architecture and Design
Description:
- In Windows environments, use proper access control for the associated device or device namespace. See References.
No CAPEC attack patterns related to this CWE.