CVE-2024-29216

Summary

Exposed IOCTL with insufficient access control issue exists in cg6kwin2k.sys prior to 2.1.7.0. By sending a specific IOCTL request, a user without the administrator privilege may perform I/O to arbitrary hardware port or physical address, resulting in erasing or altering the firmware.

Affected Software

VendorProductVersion RangeStatus
Sangoma Technologiescg6kwin2k.sysprior to 2.1.7.0affected

Weaknesses

  • Exposed IOCTL with Insufficient Access Control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References