CVE-2023-35841

High CVSS 7.8

Overview

Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Driver on Windows allows Privilege Escalation which allows for modification of system firmware.This issue affects WinFlash Driver: before 4.5.0.0.

CWE: CWE-732 Published: 2024-05-14T16:15:36.953

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 7.8 (HIGH)
Detected tags: priv_esc (tag impact: HIGH)

Recommended actions:

Fix privilege escalation urgently.
Enforce least-privilege and strengthen EDR detection.

Overview

Recommended tools

Tags