Common Weakness Enumeration

CWE-782

Allowed

Exposed IOCTL with Insufficient Access Control

Abstraction: Variant · Status: Draft

The product implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL.

50 vulnerabilities reference this CWE, most recent first.

GHSA-GQ25-2CXW-WFMP

Vulnerability from github – Published: 2026-02-10 18:30 – Updated: 2026-02-10 18:30
VLAI
Details

Exposed ioctl with insufficient access control in the firmware for some Intel(R) Ethernet Connection E825-C. before version NVM ver. 3.84 within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a high complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-27535"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-782"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-02-10T17:16:14Z",
    "severity": "MODERATE"
  },
  "details": "Exposed ioctl with insufficient access control in the firmware for some Intel(R) Ethernet Connection E825-C. before version NVM ver. 3.84 within Ring 0: Bare Metal OS may allow a denial of service. System software adversary with a privileged user combined with a high complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.",
  "id": "GHSA-gq25-2cxw-wfmp",
  "modified": "2026-02-10T18:30:39Z",
  "published": "2026-02-10T18:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27535"
    },
    {
      "type": "WEB",
      "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01171.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-H3XP-FGM5-94VX

Vulnerability from github – Published: 2024-05-07 15:30 – Updated: 2024-07-03 18:39
VLAI
Details

An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the id parameter in the mliSystemUsers.php component.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-32370"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-782"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-07T15:15:08Z",
    "severity": "CRITICAL"
  },
  "details": "An issue in HSC Cybersecurity HC Mailinspector 5.2.17-3 through 5.2.18 allows a remote attacker to obtain sensitive information via a crafted payload to the id parameter in the mliSystemUsers.php component.",
  "id": "GHSA-h3xp-fgm5-94vx",
  "modified": "2024-07-03T18:39:22Z",
  "published": "2024-05-07T15:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32370"
    },
    {
      "type": "WEB",
      "url": "https://cwe.mitre.org/data/definitions/639.html"
    },
    {
      "type": "WEB",
      "url": "https://github.com/chucrutis/CVE-2024-32370"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J48R-9CXH-CCPX

Vulnerability from github – Published: 2025-11-18 18:32 – Updated: 2025-11-18 18:32
VLAI
Details

An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.9 may allow an authenticated local user to execute unauthorized code via fortips driver. Success of the attack would require bypassing the Windows memory protections such as Heap integrity and HSP. In addition, it requires a valid and running VPN IPSec connection.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-47761"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-782"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-11-18T17:16:02Z",
    "severity": "HIGH"
  },
  "details": "An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.9 may allow an authenticated local user to execute unauthorized code via fortips driver.  Success of the attack would require bypassing the Windows memory protections such as Heap integrity and HSP. In addition, it requires a valid and running VPN IPSec connection.",
  "id": "GHSA-j48r-9cxh-ccpx",
  "modified": "2025-11-18T18:32:53Z",
  "published": "2025-11-18T18:32:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47761"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-25-112"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-JV52-Q48W-CM7J

Vulnerability from github – Published: 2026-06-17 18:35 – Updated: 2026-06-17 18:35
VLAI
Details

Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with the customer IOCTL by sending crafted IOCTL requests to the driver. A successful exploit can result in the bypassing of all anti-tampering protections for the NSClient.Affected Product(s) and Version(s) * Product Name: Netskope Client * Affected Platform: Windows * Affected Version: All version below R138

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-15641"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-782"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-17T13:19:13Z",
    "severity": "MODERATE"
  },
  "details": "Netskope was notified about a potential gap in its Netskope Client for Windows systems where a malicious insider with administrative privileges can potentially tamper with the customer IOCTL by sending crafted IOCTL requests to the driver. A successful exploit can result in the bypassing of all anti-tampering protections for the NSClient.Affected Product(s) and Version(s)\n  *  Product Name: Netskope Client\n  *  Affected Platform: Windows\n  *  Affected Version: All version below R138",
  "id": "GHSA-jv52-q48w-cm7j",
  "modified": "2026-06-17T18:35:42Z",
  "published": "2026-06-17T18:35:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-15641"
    },
    {
      "type": "WEB",
      "url": "https://www.netskope.com/resources/netskope-resources/netskope-security-advisory-nskpsa-2025-007"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-P743-VM74-R5X3

Vulnerability from github – Published: 2024-05-22 18:30 – Updated: 2024-08-01 15:31
VLAI
Details

An issue in the component ATSZIO64.sys of ASUSTeK Computer Inc ASUS ATSZIO Driver v0.2.1.7 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-33222"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-782"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-22T16:15:09Z",
    "severity": "HIGH"
  },
  "details": "An issue in the component ATSZIO64.sys of ASUSTeK Computer Inc ASUS ATSZIO Driver v0.2.1.7 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests.",
  "id": "GHSA-p743-vm74-r5x3",
  "modified": "2024-08-01T15:31:45Z",
  "published": "2024-05-22T18:30:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33222"
    },
    {
      "type": "WEB",
      "url": "https://github.com/DriverHunter/Win-Driver-EXP/tree/main/CVE-2024-33222"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-PP2J-9HQV-7X55

Vulnerability from github – Published: 2022-05-24 17:49 – Updated: 2025-10-22 00:32
VLAI
Details

Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-21551"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-782",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-04T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required.",
  "id": "GHSA-pp2j-9hqv-7x55",
  "modified": "2025-10-22T00:32:08Z",
  "published": "2022-05-24T17:49:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21551"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21551"
    },
    {
      "type": "WEB",
      "url": "https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/162604/Dell-DBUtil_2_3.sys-IOCTL-Memory-Read-Write.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/162739/DELL-dbutil_2_3.sys-2.3-Arbitrary-Write-Privilege-Escalation.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q74F-J88C-7G46

Vulnerability from github – Published: 2026-05-08 03:30 – Updated: 2026-05-08 03:30
VLAI
Details

An Exposed IOCTL with Insufficient Access Control vulnerability in AsusPTPFilter allows a local user to bypass driver security mechanisms and obtain restricted touchpad information or render the touchpad unusable via crafted IOCTL requests.Refer to the ' Security Update for ASUS Precision Touchpad ' section on the ASUS Security Advisory for more information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-6737"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-782"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-08T03:16:24Z",
    "severity": "LOW"
  },
  "details": "An Exposed IOCTL with Insufficient Access Control vulnerability in AsusPTPFilter allows a local user to bypass driver security mechanisms and obtain restricted touchpad information or render the touchpad unusable\u00a0via crafted IOCTL requests.Refer to the \u0027\nSecurity Update for ASUS Precision Touchpad\u00a0\u0027 section on the ASUS Security Advisory for more information.",
  "id": "GHSA-q74f-j88c-7g46",
  "modified": "2026-05-08T03:30:24Z",
  "published": "2026-05-08T03:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6737"
    },
    {
      "type": "WEB",
      "url": "https://www.asus.com/security-advisory"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-X42P-Q354-PX3C

Vulnerability from github – Published: 2026-06-01 18:31 – Updated: 2026-06-01 21:30
VLAI
Details

Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes to access the PCTCoreDriver WDM device interface and invoke privileged IOCTL handlers. A local attacker with the ability to access or load the affected driver can exploit this vulnerability to perform sensitive and privileged operations on the target system.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-8501"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-782"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-01T17:17:35Z",
    "severity": "HIGH"
  },
  "details": "Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes to access the PCTCoreDriver WDM device interface and invoke privileged IOCTL handlers. A local attacker with the ability to access or load the affected driver can exploit this vulnerability to perform sensitive and privileged operations on the target system.",
  "id": "GHSA-x42p-q354-px3c",
  "modified": "2026-06-01T21:30:41Z",
  "published": "2026-06-01T18:31:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8501"
    },
    {
      "type": "WEB",
      "url": "https://kb.cert.org/vuls/id/158530"
    },
    {
      "type": "WEB",
      "url": "https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/design/microsoft-recommended-driver-block-rules"
    },
    {
      "type": "WEB",
      "url": "https://learn.microsoft.com/en-us/windows/win32/secauthz/security-descriptor-definition-language"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/158530"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XCWR-X5FM-7JMR

Vulnerability from github – Published: 2025-08-01 15:34 – Updated: 2025-08-01 15:34
VLAI
Details

Hangzhou Shunwang Rentdrv2 before 2024-12-24 allows local users to terminate EDR processes and possibly have unspecified other impact via DeviceIoControl with control code 0x22E010, as exploited in the wild in October 2023.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-44976"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-782"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-01T14:15:34Z",
    "severity": "LOW"
  },
  "details": "Hangzhou Shunwang Rentdrv2 before 2024-12-24 allows local users to terminate EDR processes and possibly have unspecified other impact via DeviceIoControl with control code 0x22E010, as exploited in the wild in October 2023.",
  "id": "GHSA-xcwr-x5fm-7jmr",
  "modified": "2025-08-01T15:34:18Z",
  "published": "2025-08-01T15:34:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44976"
    },
    {
      "type": "WEB",
      "url": "https://github.com/keowu/BadRentdrv2"
    },
    {
      "type": "WEB",
      "url": "https://unit42.paloaltonetworks.com/agonizing-serpens-targets-israeli-tech-higher-ed-sectors"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XCXV-MC83-GMW5

Vulnerability from github – Published: 2025-03-17 18:31 – Updated: 2025-03-19 21:30
VLAI
Details

An exposed ioctl in the IMFForceDelete driver of IObit Malware Fighter v12.1.0 allows attackers to arbitrarily delete files and escalate privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-26125"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-782"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-17T18:15:21Z",
    "severity": "MODERATE"
  },
  "details": "An exposed ioctl in the IMFForceDelete driver of IObit Malware Fighter v12.1.0 allows attackers to arbitrarily delete files and escalate privileges.",
  "id": "GHSA-xcxv-mc83-gmw5",
  "modified": "2025-03-19T21:30:49Z",
  "published": "2025-03-17T18:31:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-26125"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ZeroMemoryEx/CVE-2025-26125"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ZeroMemoryEx/IObit-EoP"
    },
    {
      "type": "WEB",
      "url": "https://x.com/zeromemoryex/status/1876878269200449819"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation
Architecture and Design

In Windows environments, use proper access control for the associated device or device namespace. See References.

No CAPEC attack patterns related to this CWE.