Gunp4Ng

**Name of the Vulnerable Software and Affected Versions** SevenCs ORCA G2 version 2.0.1.35 (EC2007 Kernel v5.22) **Description** An issue exists where a Security Descriptor with no explicitly configured DACL is applied to a device object by the `regService` process, which operates with SYSTEM privileges. This could allow an attacker to perform unauthorized raw disk operations, potentially leading to system disruption and exposure of sensitive data, and may facilitate local privilege escalation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.