CVE-2024-29216

MEDIUM

cg6kwin2k.sys <2.1.7.0 - Privilege Escalation

Title source: llm

Description

Exposed IOCTL with insufficient access control issue exists in cg6kwin2k.sys prior to 2.1.7.0. By sending a specific IOCTL request, a user without the administrator privilege may perform I/O to arbitrary hardware port or physical address, resulting in erasing or altering the firmware.

References (2)

Core 2

Core References

Third Party Advisory

https://jvn.jp/en/vu/JVNVU90671953/

Third Party Advisory

https://sangomakb.atlassian.net/wiki/spaces/DVC/pages/45351279/Natural+Access+Software+Download

Scores

CVSS v3 6.1

EPSS 0.0018

EPSS Percentile 7.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-522

Status published

Products (1)

Sangoma Technologies/cg6kwin2k.sys prior to 2.1.7.0

Published Mar 25, 2024

Tracked Since Feb 18, 2026