CVE-2024-29216

MEDIUM

cg6kwin2k.sys <2.1.7.0 - Privilege Escalation

Title source: llm

Description

Exposed IOCTL with insufficient access control issue exists in cg6kwin2k.sys prior to 2.1.7.0. By sending a specific IOCTL request, a user without the administrator privilege may perform I/O to arbitrary hardware port or physical address, resulting in erasing or altering the firmware.

References (2)

[Third Party Advisory] https://jvn.jp/en/vu/JVNVU90671953/

[Third Party Advisory] https://sangomakb.atlassian.net/wiki/spaces/DVC/pages/45351279/Natural+Access+Software+Download

Scores

CVSS v3 6.1

EPSS 0.0003

EPSS Percentile 7.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Classification

CWE

CWE-522

Status draft

Timeline

Published Mar 25, 2024

Tracked Since Feb 18, 2026