8 vulnerabilities
CVE-2024-12533 (GCVE-0-2024-12533)
Vulnerability from cvelistv5 – Published: 2025-05-13 14:56 – Updated: 2025-07-28 20:55
Summary
Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore Technology 4 allows Input Data Manipulation. This issue affects SecureCore Technology 4: from 4.0.1.0 before 4.0.1.1018, from 4.1.0.1 before 4.1.0.573, from 4.2.0.1 before 4.2.0.338, from 4.2.1.1 before 4.2.1.300, from 4.3.0.1 before 4.3.0.244, from 4.3.1.1 before 4.3.1.187, from 4.4.0.1 before 4.4.0.299, from 4.5.0.1 before 4.5.0.231, from 4.5.1.1 before 4.5.1.103, from 4.5.5.1 before 4.5.5.36, from 4.6.0.1 before 4.6.0.67.
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Phoenix | SecureCore Technology 4 | Affected: 4.0.1.0, < 4.0.1.1018 (custom); Affected: 4.1.0.1, < 4.1.0.573 (custom); Affected: 4.2.0.1, < 4.2.0.338 (custom); Affected: 4.2.1.1, < 4.2.1.300 (custom); Affected: 4.3.0.1, < 4.3.0.244 (custom); Affected: 4.3.1.1, < 4.3.1.187 (custom); Affected: 4.4.0.1, < 4.4.0.299 (custom); Affected: 4.5.0.1, < 4.5.0.231 (custom); Affected: 4.5.1.1, < 4.5.1.103 (custom); Affected: 4.5.5.1, < 4.5.5.36 (custom); Affected: 4.6.0.1, < 4.6.0.67 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12533",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T15:15:02.413134Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T15:15:09.100Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SecureCore Technology 4",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.0.1.1018",
"status": "affected",
"version": "4.0.1.0",
"versionType": "custom"
},
{
"lessThan": "4.1.0.573",
"status": "affected",
"version": "4.1.0.1",
"versionType": "custom"
},
{
"lessThan": "4.2.0.338",
"status": "affected",
"version": "4.2.0.1",
"versionType": "custom"
},
{
"lessThan": "4.2.1.300",
"status": "affected",
"version": "4.2.1.1",
"versionType": "custom"
},
{
"lessThan": "4.3.0.244",
"status": "affected",
"version": "4.3.0.1",
"versionType": "custom"
},
{
"lessThan": "4.3.1.187",
"status": "affected",
"version": "4.3.1.1",
"versionType": "custom"
},
{
"lessThan": "4.4.0.299",
"status": "affected",
"version": "4.4.0.1",
"versionType": "custom"
},
{
"lessThan": "4.5.0.231",
"status": "affected",
"version": "4.5.0.1",
"versionType": "custom"
},
{
"lessThan": "4.5.1.103",
"status": "affected",
"version": "4.5.1.1",
"versionType": "custom"
},
{
"lessThan": "4.5.5.36",
"status": "affected",
"version": "4.5.5.1",
"versionType": "custom"
},
{
"lessThan": "4.6.0.67",
"status": "affected",
"version": "4.6.0.1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore Technology 4 allows Input Data Manipulation.\u003cp\u003eThis issue affects SecureCore Technology 4: from 4.0.1.0 before 4.0.1.1018, from 4.1.0.1 before 4.1.0.573, from 4.2.0.1 before 4.2.0.338, from 4.2.1.1 before 4.2.1.300, from 4.3.0.1 before 4.3.0.244, from 4.3.1.1 before 4.3.1.187, from 4.4.0.1 before 4.4.0.299, from 4.5.0.1 before 4.5.0.231, from 4.5.1.1 before 4.5.1.103, from 4.5.5.1 before 4.5.5.36, from 4.6.0.1 before 4.6.0.67.\u003c/p\u003e"
}
],
"value": "Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore Technology 4 allows Input Data Manipulation.This issue affects SecureCore Technology 4: from 4.0.1.0 before 4.0.1.1018, from 4.1.0.1 before 4.1.0.573, from 4.2.0.1 before 4.2.0.338, from 4.2.1.1 before 4.2.1.300, from 4.3.0.1 before 4.3.0.244, from 4.3.1.1 before 4.3.1.187, from 4.4.0.1 before 4.4.0.299, from 4.5.0.1 before 4.5.0.231, from 4.5.1.1 before 4.5.1.103, from 4.5.5.1 before 4.5.5.36, from 4.6.0.1 before 4.6.0.67."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T20:55:52.706Z",
"orgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"shortName": "Phoenix"
},
"references": [
{
"url": "https://phoenixtech.com/phoenix-security-notifications/cve-2024-12533/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"assignerShortName": "Phoenix",
"cveId": "CVE-2024-12533",
"datePublished": "2025-05-13T14:56:41.235Z",
"dateReserved": "2024-12-11T17:37:28.103Z",
"dateUpdated": "2025-07-28T20:55:52.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29979 (GCVE-0-2024-29979)
Vulnerability from cvelistv5 – Published: 2025-01-14 16:00 – Updated: 2025-07-28 20:55
Summary
Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore™ for Intel Kaby Lake, Phoenix SecureCore™ for Intel Coffee Lake, Phoenix SecureCore™ for Intel Comet Lake, Phoenix SecureCore™ for Intel Ice Lake allows Input Data Manipulation. This issue affects SecureCore™ for Intel Kaby Lake: before 4.0.1.1012; SecureCore™ for Intel Coffee Lake: before 4.1.0.568; SecureCore™ for Intel Comet Lake: before 4.2.1.292; SecureCore™ for Intel Ice Lake: before 4.2.0.334.
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Phoenix | SecureCore™ for Intel Kaby Lake | Affected: 0, < 4.0.1.1012 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29979",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T16:41:31.630839Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T16:41:44.962Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SecureCore\u2122 for Intel Kaby Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.0.1.1012",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "SecureCore\u2122 for Intel Coffee Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.1.0.568",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "SecureCore\u2122 for Intel Comet Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.2.1.292",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "SecureCore\u2122 for Intel Ice Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.2.0.334",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore\u2122 for Intel Kaby Lake, Phoenix SecureCore\u2122 for Intel Coffee Lake, Phoenix SecureCore\u2122 for Intel Comet Lake, Phoenix SecureCore\u2122 for Intel Ice Lake allows Input Data Manipulation.\u003cp\u003eThis issue affects SecureCore\u2122 for Intel Kaby Lake: before 4.0.1.1012; SecureCore\u2122 for Intel Coffee Lake: before 4.1.0.568; SecureCore\u2122 for Intel Comet Lake: before 4.2.1.292; SecureCore\u2122 for Intel Ice Lake: before 4.2.0.334.\u003c/p\u003e"
}
],
"value": "Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore\u2122 for Intel Kaby Lake, Phoenix SecureCore\u2122 for Intel Coffee Lake, Phoenix SecureCore\u2122 for Intel Comet Lake, Phoenix SecureCore\u2122 for Intel Ice Lake allows Input Data Manipulation.This issue affects SecureCore\u2122 for Intel Kaby Lake: before 4.0.1.1012; SecureCore\u2122 for Intel Coffee Lake: before 4.1.0.568; SecureCore\u2122 for Intel Comet Lake: before 4.2.1.292; SecureCore\u2122 for Intel Ice Lake: before 4.2.0.334."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T20:55:13.618Z",
"orgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"shortName": "Phoenix"
},
"references": [
{
"url": "https://phoenixtech.com/phoenix-security-notifications/cve-2024-29979/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Unsafe Handling of Phoenix UEFI Variables",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"assignerShortName": "Phoenix",
"cveId": "CVE-2024-29979",
"datePublished": "2025-01-14T16:00:15.221Z",
"dateReserved": "2024-03-22T21:30:22.857Z",
"dateUpdated": "2025-07-28T20:55:13.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29980 (GCVE-0-2024-29980)
Vulnerability from cvelistv5 – Published: 2025-01-14 16:00 – Updated: 2025-07-28 20:54
Summary
Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore™ for Intel Kaby Lake, Phoenix SecureCore™ for Intel Coffee Lake, Phoenix SecureCore™ for Intel Comet Lake, Phoenix SecureCore™ for Intel Ice Lake allows Input Data Manipulation. This issue affects SecureCore™ for Intel Kaby Lake: before 4.0.1.1012; SecureCore™ for Intel Coffee Lake: before 4.1.0.568; SecureCore™ for Intel Comet Lake: before 4.2.1.292; SecureCore™ for Intel Ice Lake: before 4.2.0.334.
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Phoenix | SecureCore™ for Intel Kaby Lake | Affected: 0, < 4.0.1.1012 (custom) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29980",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T16:41:13.527370Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T16:41:16.295Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SecureCore\u2122 for Intel Kaby Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.0.1.1012",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "SecureCore\u2122 for Intel Coffee Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.1.0.568",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "SecureCore\u2122 for Intel Comet Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.2.1.292",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "SecureCore\u2122 for Intel Ice Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.2.0.334",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore\u2122 for Intel Kaby Lake, Phoenix SecureCore\u2122 for Intel Coffee Lake, Phoenix SecureCore\u2122 for Intel Comet Lake, Phoenix SecureCore\u2122 for Intel Ice Lake allows Input Data Manipulation.\u003cp\u003eThis issue affects SecureCore\u2122 for Intel Kaby Lake: before 4.0.1.1012; SecureCore\u2122 for Intel Coffee Lake: before 4.1.0.568; SecureCore\u2122 for Intel Comet Lake: before 4.2.1.292; SecureCore\u2122 for Intel Ice Lake: before 4.2.0.334.\u003c/p\u003e"
}
],
"value": "Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore\u2122 for Intel Kaby Lake, Phoenix SecureCore\u2122 for Intel Coffee Lake, Phoenix SecureCore\u2122 for Intel Comet Lake, Phoenix SecureCore\u2122 for Intel Ice Lake allows Input Data Manipulation.This issue affects SecureCore\u2122 for Intel Kaby Lake: before 4.0.1.1012; SecureCore\u2122 for Intel Coffee Lake: before 4.1.0.568; SecureCore\u2122 for Intel Comet Lake: before 4.2.1.292; SecureCore\u2122 for Intel Ice Lake: before 4.2.0.334."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T20:54:33.057Z",
"orgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"shortName": "Phoenix"
},
"references": [
{
"url": "https://phoenixtech.com/phoenix-security-notifications/cve-2024-29980/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Unsafe Handling of IHV UEFI Variables",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"assignerShortName": "Phoenix",
"cveId": "CVE-2024-29980",
"datePublished": "2025-01-14T16:00:15.300Z",
"dateReserved": "2024-03-22T21:30:22.857Z",
"dateUpdated": "2025-07-28T20:54:33.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1598 (GCVE-0-2024-1598)
Vulnerability from cvelistv5 – Published: 2024-05-14 14:56 – Updated: 2025-07-28 20:53
Summary
Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for Intel Gemini Lake. This issue affects: SecureCore™ for Intel Gemini Lake: from 4.1.0.1 before 4.1.0.567.
Severity
7.5 (High)
CWE
- CWE-121 - Stack-based Buffer Overflow
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Phoenix | SecureCore™ for Intel Gemini Lake | Affected: 4.1.0.1, < 4.1.0.567 (custom) |
Credits
Zichuan Li from Indiana University Bloomington
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "securecore_technology",
"vendor": "phoenix",
"versions": [
{
"lessThan": "4.1.0.567",
"status": "affected",
"version": "4.1.0.1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1598",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T15:33:23.578704Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:01:14.870Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:48:21.686Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.phoenix.com/security-notifications/cve-2024-1598/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SecureCore\u2122 for Intel Gemini Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.1.0.567",
"status": "affected",
"version": "4.1.0.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Zichuan Li from Indiana University Bloomington"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Potential buffer overflow \nin unsafe UEFI variable handling \n\nin Phoenix SecureCore\u2122 for Intel Gemini Lake.\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eSecureCore\u2122 for Intel Gemini Lake: from 4.1.0.1 before 4.1.0.567.\u003c/p\u003e"
}
],
"value": "Potential buffer overflow \nin unsafe UEFI variable handling \n\nin Phoenix SecureCore\u2122 for Intel Gemini Lake.This issue affects:\n\nSecureCore\u2122 for Intel Gemini Lake: from 4.1.0.1 before 4.1.0.567."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T20:53:48.128Z",
"orgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"shortName": "Phoenix"
},
"references": [
{
"url": "https://phoenixtech.com/phoenix-security-notifications/cve-2024-1598/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential buffer overflow when handling UEFI variables",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"assignerShortName": "Phoenix",
"cveId": "CVE-2024-1598",
"datePublished": "2024-05-14T14:56:38.995Z",
"dateReserved": "2024-02-16T22:57:32.402Z",
"dateUpdated": "2025-07-28T20:53:48.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0762 (GCVE-0-2024-0762)
Vulnerability from cvelistv5 – Published: 2024-05-14 14:56 – Updated: 2025-07-28 20:53
Summary
Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms
This issue affects:
- Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998;
- Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562;
- Phoenix SecureCore™ for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323;
- Phoenix SecureCore™ for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287;
- Phoenix SecureCore™ for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236;
- Phoenix SecureCore™ for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184;
- Phoenix SecureCore™ for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269;
- Phoenix SecureCore™ for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218;
- Phoenix SecureCore™ for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15.
Severity
7.5 (High)
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Phoenix | SecureCore™ for Intel Kaby Lake | Affected: 4.0.1.1, < 4.0.1.998 (custom) |
Credits
Oren Isacson from Eclypsium
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.0.1.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "securecore_technology",
"vendor": "phoenix",
"versions": [
{
"lessThan": "4.0.1.998",
"status": "affected",
"version": "4.0.1.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.1.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "securecore_technology",
"vendor": "phoenix",
"versions": [
{
"lessThan": "4.1.0.562",
"status": "affected",
"version": "4.1.0.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.2.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "securecore_technology",
"vendor": "phoenix",
"versions": [
{
"lessThan": "4.2.0.323",
"status": "affected",
"version": "4.2.0.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.2.1.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "securecore_technology",
"vendor": "phoenix",
"versions": [
{
"lessThan": "4.2.1.287",
"status": "affected",
"version": "4.2.1.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.3.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "securecore_technology",
"vendor": "phoenix",
"versions": [
{
"lessThan": "4.3.0.236",
"status": "affected",
"version": "4.3.0.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.3.1.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "securecore_technology",
"vendor": "phoenix",
"versions": [
{
"lessThan": "4.3.1.184",
"status": "affected",
"version": "4.3.1.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.4.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "securecore_technology",
"vendor": "phoenix",
"versions": [
{
"lessThan": "4.4.0.269",
"status": "affected",
"version": "4.4.0.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.5.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "securecore_technology",
"vendor": "phoenix",
"versions": [
{
"lessThan": "4.5.0.218",
"status": "affected",
"version": "4.5.0.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.5.1.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "securecore_technology",
"vendor": "phoenix",
"versions": [
{
"lessThan": "4.5.1.15",
"status": "affected",
"version": "4.5.1.1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0762",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T15:18:12.193624Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T13:37:52.909Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:17.893Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.phoenix.com/security-notifications/cve-2024-0762/"
},
{
"tags": [
"x_transferred"
],
"url": "https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=40747852"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SecureCore\u2122 for Intel Kaby Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.0.1.998",
"status": "affected",
"version": "4.0.1.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SecureCore\u2122 for Intel Coffee Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.1.0.562",
"status": "affected",
"version": "4.1.0.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SecureCore\u2122 for Intel Ice Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.2.0.323",
"status": "affected",
"version": "4.2.0.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SecureCore\u2122 for Intel Comet Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.2.1.287",
"status": "affected",
"version": "4.2.1.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SecureCore\u2122 for Intel Tiger Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.3.0.236",
"status": "affected",
"version": "4.3.0.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SecureCore\u2122 for Intel Jasper Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.3.1.184",
"status": "affected",
"version": "4.3.1.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SecureCore\u2122 for Intel Alder Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.4.0.269",
"status": "affected",
"version": "4.4.0.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SecureCore\u2122 for Intel Raptor Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.5.0.218",
"status": "affected",
"version": "4.5.0.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SecureCore\u2122 for Intel Meteor Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.5.1.15",
"status": "affected",
"version": "4.5.1.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Oren Isacson from Eclypsium"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\nPotential buffer overflow \nin unsafe UEFI variable handling \n\nin Phoenix SecureCore\u2122 for select Intel platforms\u003c/div\u003e\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003e\nPhoenix \n\nSecureCore\u2122 for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998;\u003c/p\u003e\u003cp\u003e\nPhoenix \n\nSecureCore\u2122 for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562;\u003c/p\u003e\u003cp\u003e\nPhoenix \n\nSecureCore\u2122 for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323;\u003c/p\u003e\u003cp\u003e\nPhoenix \n\nSecureCore\u2122 for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287;\u003c/p\u003e\u003cp\u003e\nPhoenix \n\nSecureCore\u2122 for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236;\u003c/p\u003e\u003cp\u003e\nPhoenix \n\nSecureCore\u2122 for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184;\u003c/p\u003e\u003cp\u003e\nPhoenix \n\nSecureCore\u2122 for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269;\u003c/p\u003e\u003cp\u003e\nPhoenix \n\nSecureCore\u2122 for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218;\u003c/p\u003e\u003cp\u003e\nPhoenix \n\nSecureCore\u2122 for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15.\u003c/p\u003e"
}
],
"value": "Potential buffer overflow \nin unsafe UEFI variable handling \n\nin Phoenix SecureCore\u2122 for select Intel platforms\n\n\nThis issue affects:\n\n\nPhoenix \n\nSecureCore\u2122 for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998;\n\n\nPhoenix \n\nSecureCore\u2122 for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562;\n\n\nPhoenix \n\nSecureCore\u2122 for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323;\n\n\nPhoenix \n\nSecureCore\u2122 for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287;\n\n\nPhoenix \n\nSecureCore\u2122 for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236;\n\n\nPhoenix \n\nSecureCore\u2122 for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184;\n\n\nPhoenix \n\nSecureCore\u2122 for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269;\n\n\nPhoenix \n\nSecureCore\u2122 for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218;\n\n\nPhoenix \n\nSecureCore\u2122 for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T20:53:10.827Z",
"orgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"shortName": "Phoenix"
},
"references": [
{
"url": "https://phoenixtech.com/phoenix-security-notifications/CVE-2024-0762/"
},
{
"url": "https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/"
},
{
"url": "https://news.ycombinator.com/item?id=40747852"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential buffer overflow when handling UEFI variables",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"assignerShortName": "Phoenix",
"cveId": "CVE-2024-0762",
"datePublished": "2024-05-14T14:56:25.578Z",
"dateReserved": "2024-01-19T20:40:59.164Z",
"dateUpdated": "2025-07-28T20:53:10.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35841 (GCVE-0-2023-35841)
Vulnerability from cvelistv5 – Published: 2024-05-14 14:56 – Updated: 2025-07-28 20:49
Summary
Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Driver on Windows allows Privilege Escalation which allows for modification of system firmware. This issue affects WinFlash Driver: before 4.5.0.0.
Severity
7.8 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Phoenix | WinFlash Driver | Affected: 0, < 4.5.0.0 (semver) |
Credits
Takahiro Haruyama of Broadcom
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:phoenix:winflash_driver:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "winflash_driver",
"vendor": "phoenix",
"versions": [
{
"lessThan": "4.5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35841",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T18:32:21.876164Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:18:27.432Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:30:45.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.phoenix.com/security-notifications/cve-2023-35841/"
},
{
"tags": [
"x_transferred"
],
"url": "https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU93886750/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "WinFlash Driver",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.5.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Takahiro Haruyama of Broadcom"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Driver on Windows allows Privilege Escalation which allows for modification of system firmware.\u003cp\u003eThis issue affects WinFlash Driver: before 4.5.0.0.\u003c/p\u003e"
}
],
"value": "Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Driver on Windows allows Privilege Escalation which allows for modification of system firmware.This issue affects WinFlash Driver: before 4.5.0.0."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-782",
"description": "CWE-782 Exposed IOCTL with Insufficient Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T20:49:33.663Z",
"orgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"shortName": "Phoenix"
},
"references": [
{
"url": "https://phoenixtech.com/phoenix-security-notifications/cve-2023-35841/"
},
{
"url": "https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93886750/index.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WinFlash Driver Permissions Issue",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"assignerShortName": "Phoenix",
"cveId": "CVE-2023-35841",
"datePublished": "2024-05-14T14:56:14.743Z",
"dateReserved": "2023-06-19T00:35:50.974Z",
"dateUpdated": "2025-07-28T20:49:33.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5058 (GCVE-0-2023-5058)
Vulnerability from cvelistv5 – Published: 2023-12-07 22:29 – Updated: 2025-07-28 20:50
Summary
Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code execution.
Severity
No CVSS data available.
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Phoenix | SecureCore™ Technology™ 4 | Affected: 4.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.phoenix.com/security-notifications/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.phoenix.com/security-notifications/cve-2023-5058/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/811862"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SecureCore\u2122 Technology\u2122 4",
"vendor": "Phoenix",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore\u2122 Technology\u2122 4 potentially allows denial-of-service attacks or arbitrary code execution."
}
],
"value": "Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore\u2122 Technology\u2122 4 potentially allows denial-of-service attacks or arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T20:50:19.406Z",
"orgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"shortName": "Phoenix"
},
"references": [
{
"url": "https://phoenixtech.com/phoenix-security-notifications/cve-2023-5058/"
},
{
"url": "https://www.kb.cert.org/vuls/id/811862"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"assignerShortName": "Phoenix",
"cveId": "CVE-2023-5058",
"datePublished": "2023-12-07T22:29:05.717Z",
"dateReserved": "2023-09-18T21:36:23.632Z",
"dateUpdated": "2025-07-28T20:50:19.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31100 (GCVE-0-2023-31100)
Vulnerability from cvelistv5 – Published: 2023-11-14 23:17 – Updated: 2025-07-28 20:48
Summary
Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification.
This issue affects SecureCore™ Technology™ 4:
* from 4.3.0.0 before 4.3.0.203
* from 4.3.1.0 before 4.3.1.163
* from 4.4.0.0 before 4.4.0.217
* from 4.5.0.0 before 4.5.0.138
Severity
8.4 (High)
CWE
- CWE-284 - Improper Access Control in SMI handler
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Phoenix | SecureCore™ Technology™ 4 | Affected: 4.3.0.0, < 4.3.0.203 (custom); Affected: 4.3.1.0, < 4.3.1.163 (custom); Affected: 4.4.0.0, < 4.4.0.217 (custom); Affected: 4.5.0.0, < 4.5.0.138 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.phoenix.com/security-notifications/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31100",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-02T19:42:57.173898Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T19:43:07.596Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SecureCore\u2122 Technology\u2122 4",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.3.0.203",
"status": "affected",
"version": "4.3.0.0",
"versionType": "custom"
},
{
"lessThan": "4.3.1.163",
"status": "affected",
"version": "4.3.1.0",
"versionType": "custom"
},
{
"lessThan": "4.4.0.217",
"status": "affected",
"version": "4.4.0.0",
"versionType": "custom"
},
{
"lessThan": "4.5.0.138",
"status": "affected",
"version": "4.5.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-11-14T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Access Control in SMI handler vulnerability in Phoenix SecureCore\u2122 Technology\u2122 4 allows SPI flash modification.\u003cbr\u003e\u003cp\u003eThis issue affects SecureCore\u2122 Technology\u2122 4:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003efrom 4.3.0.0 before 4.3.0.203\u003c/li\u003e\u003cli\u003e\n\nfrom \n\n4.3.1.0 before 4.3.1.163\u003c/li\u003e\u003cli\u003e\n\nfrom \n\n4.4.0.0 before 4.4.0.217\u003c/li\u003e\u003cli\u003e\n\nfrom \n\n4.5.0.0 before 4.5.0.138\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Improper Access Control in SMI handler vulnerability in Phoenix SecureCore\u2122 Technology\u2122 4 allows SPI flash modification.\nThis issue affects SecureCore\u2122 Technology\u2122 4:\n\n\n * from 4.3.0.0 before 4.3.0.203\n * \n\nfrom \n\n4.3.1.0 before 4.3.1.163\n * \n\nfrom \n\n4.4.0.0 before 4.4.0.217\n * \n\nfrom \n\n4.5.0.0 before 4.5.0.138"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control in SMI handler",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T20:48:38.895Z",
"orgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"shortName": "Phoenix"
},
"references": [
{
"url": "https://phoenixtech.com/phoenix-security-notifications/cve-2023-31100/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"assignerShortName": "Phoenix",
"cveId": "CVE-2023-31100",
"datePublished": "2023-11-14T23:17:07.869Z",
"dateReserved": "2023-04-24T06:17:27.488Z",
"dateUpdated": "2025-07-28T20:48:38.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}