CWE-782: Exposed IOCTL with Insufficient Access Control
low-risk
The product implements an IOCTL with functionality that should be restricted, but it does not properly enforce access control for the IOCTL.
Abstraction: Variant
Common Consequences
Integrity → Varies by Context
Real-World Examples (10)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2021-21551 | 8.8 | 69.6% | Y |
| CVE-2024-32370 | 9.8 | 3.5% | — |
| CVE-2024-4196 | 10.0 | 0.8% | — |
| CVE-2024-33220 | 8.8 | 0.4% | — |
| CVE-2023-35841 | 7.8 | 0.2% | — |
| CVE-2024-39251 | 10.0 | 0.1% | — |
| CVE-2024-30804 | 9.8 | 0.1% | — |
| CVE-2024-33218 | 7.8 | 0.1% | — |
| CVE-2024-33219 | 7.8 | 0.1% | — |
| CVE-2024-33221 | 7.8 | 0.1% | — |
2 / 100 · low-risk
Active Threat: 1/50 · Minimal
Exploit Availability: 1/50 · Minimal