What is CVE-2023-35841?

CVE-2023-35841 is a high-severity vulnerability in Phoenix Winflash Driver, classified under Incorrect Permission Assignment for Critical Resource. CVSS score: 7.8/10. Published 2024-05-14.

How severe is CVE-2023-35841?

High severity. CVSS v3 base score is 7.8 out of 10.

Vulnerability in Phoenix Winflash Driver

CVE-2023-35841

Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Driver on Windows allows Privilege Escalation which allows for modification of system firmware.This issue affects WinFlash Driver: before 4.5.0.0.

EPSS: 0.002 (35.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Phoenix Winflash Driver — versions 0

Weakness classification (CWE)

CWE-732 — Incorrect Permission Assignment for Critical Resource
CWE-782

References

phoenixtech.com/phoenix-security-notifications/cve-2023-35841/
blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html
jvn.jp/en/vu/JVNVU93886750/index.html

Frequently asked questions

What is CVE-2023-35841?: CVE-2023-35841 is a high-severity vulnerability in Phoenix Winflash Driver, classified under Incorrect Permission Assignment for Critical Resource. CVSS score: 7.8/10. Published 2024-05-14.
How severe is CVE-2023-35841?: High severity. CVSS v3 base score is 7.8 out of 10.