Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    1 vulnerability by Phoenix Technologies Inc.

    JVNDB-2023-003028

    Vulnerability from jvndb - Published: 2023-08-30 10:05 - Updated:2024-04-24 11:43
    Severity
    3.3 (Low) - cvssV3_0 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
    Summary
    Phoenix Technologies Windows kernel driver vulnerable to insufficient access control on its IOCTL
    Details
    Some of the Windows kernel drivers provided by Phoenix Technologies Inc. is vulnerable to insufficient access control on its IOCTL (CWE-782, CVE-2023-35841). Takahiro Haruyama of VMware reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer.
    References
    Impacted products
    Show details on JVN DB website
    To clipboard 

    {
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-003028.html",
  "dc:date": "2024-04-24T11:43+09:00",
  "dcterms:issued": "2023-08-30T10:05+09:00",
  "dcterms:modified": "2024-04-24T11:43+09:00",
  "description": "Some of the Windows kernel drivers provided by Phoenix Technologies Inc. is vulnerable to insufficient access control on its IOCTL (CWE-782, CVE-2023-35841).\r\n\r\nTakahiro Haruyama of VMware reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
  "link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-003028.html",
  "sec:cpe": {
    "#text": "cpe:/a:phoenix:tdklib64.sys",
    "@product": "TdkLib64.sys",
    "@vendor": "Phoenix Technologies Inc.",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "3.3",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
    "@version": "3.0"
  },
  "sec:identifier": "JVNDB-2023-003028",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/vu/JVNVU93886750/index.html",
      "@id": "JVNVU#93886750",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/ta/JVNTA90371415/index.html",
      "@id": "JVNTA#90371415",
      "@source": "JVN"
    },
    {
      "#text": "https://www.cve.org/CVERecord?id=CVE-2023-35841",
      "@id": "CVE-2023-35841",
      "@source": "CVE"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/782.html",
      "@id": "CWE-782",
      "@title": "Exposed IOCTL with Insufficient Access Control(CWE-782)"
    }
  ],
  "title": "Phoenix Technologies Windows kernel driver vulnerable to insufficient access control on its IOCTL"
}