Search criteria
9 vulnerabilities found for securecore_technology by phoenix
FKIE_CVE-2023-5058
Vulnerability from fkie_nvd - Published: 2023-12-07 23:15 - Updated: 2025-09-25 21:17
Severity ?
Summary
Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code execution.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phoenixtech | securecore_technology | 4.* |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixtech:securecore_technology:4.*:*:*:*:*:*:*:*",
"matchCriteriaId": "BFBB3510-AFF0-4C04-BB87-5ACD5E41B752",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore\u2122 Technology\u2122 4 potentially allows denial-of-service attacks or arbitrary code execution."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada inadecuada en el procesamiento de la pantalla de presentaci\u00f3n proporcionada por el usuario durante el inicio del sistema en Phoenix SecureCore\u2122 Technology\u2122 4 potencialmente permite ataques de denegaci\u00f3n de servicio o ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"id": "CVE-2023-5058",
"lastModified": "2025-09-25T21:17:13.403",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-12-07T23:15:07.490",
"references": [
{
"source": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"tags": [
"Vendor Advisory"
],
"url": "https://phoenixtech.com/phoenix-security-notifications/cve-2023-5058/"
},
{
"source": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"tags": [
"Third Party Advisory"
],
"url": "https://www.kb.cert.org/vuls/id/811862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.kb.cert.org/vuls/id/811862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://www.phoenix.com/security-notifications/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://www.phoenix.com/security-notifications/cve-2023-5058/"
}
],
"sourceIdentifier": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-31100
Vulnerability from fkie_nvd - Published: 2023-11-15 00:15 - Updated: 2025-09-25 21:17
Severity ?
8.4 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
7.1 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Summary
Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification.
This issue affects SecureCore™ Technology™ 4:
* from 4.3.0.0 before 4.3.0.203
*
from
4.3.1.0 before 4.3.1.163
*
from
4.4.0.0 before 4.4.0.217
*
from
4.5.0.0 before 4.5.0.138
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phoenixtech | securecore_technology | * | |
| phoenixtech | securecore_technology | * | |
| phoenixtech | securecore_technology | * | |
| phoenixtech | securecore_technology | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenixtech:securecore_technology:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D71A48E5-125F-48F4-A50A-451CDECB97B2",
"versionEndExcluding": "4.3.0.203",
"versionStartIncluding": "4.3.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:phoenixtech:securecore_technology:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BE4DEB5-A2B0-43A6-8F86-EF448A69760A",
"versionEndExcluding": "4.3.1.163",
"versionStartIncluding": "4.3.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:phoenixtech:securecore_technology:*:*:*:*:*:*:*:*",
"matchCriteriaId": "41F74BF5-6BA7-4591-ABFC-B2F65C3DB539",
"versionEndExcluding": "4.4.0.217",
"versionStartIncluding": "4.4.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:phoenixtech:securecore_technology:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CE6AD0-2580-4E84-9F46-AE6227B67450",
"versionEndExcluding": "4.5.0.138",
"versionStartIncluding": "4.5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Access Control in SMI handler vulnerability in Phoenix SecureCore\u2122 Technology\u2122 4 allows SPI flash modification.\nThis issue affects SecureCore\u2122 Technology\u2122 4:\n\n\n * from 4.3.0.0 before 4.3.0.203\n * \n\nfrom \n\n4.3.1.0 before 4.3.1.163\n * \n\nfrom \n\n4.4.0.0 before 4.4.0.217\n * \n\nfrom \n\n4.5.0.0 before 4.5.0.138"
},
{
"lang": "es",
"value": "Control de Acceso Inadecuado en la vulnerabilidad del Control SMI en Phoenix SecureCore\u2122 Technology\u2122 4 permite la modificaci\u00f3n de flash SPI. Este problema afecta a SecureCore\u2122 Technology\u2122 4: * desde 4.3.0.0 anterior a 4.3.0.203 * desde 4.3.1.0 anterior a 4.3.1.163 * desde 4.4.0.0 anterior a 4.4.0.217 * desde 4.5.0.0 anterior a 4.5.0.138"
}
],
"id": "CVE-2023-31100",
"lastModified": "2025-09-25T21:17:10.353",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 5.8,
"source": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-11-15T00:15:07.573",
"references": [
{
"source": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"tags": [
"Vendor Advisory"
],
"url": "https://phoenixtech.com/phoenix-security-notifications/cve-2023-31100/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://www.phoenix.com/security-notifications/"
}
],
"sourceIdentifier": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-18279
Vulnerability from fkie_nvd - Published: 2019-11-13 18:15 - Updated: 2024-11-21 04:32
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. Adverse impacts are limited to the Windows environment and there is no known direct impact to the UEFI firmware. This was fixed in late June 2019.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| phoenix | securecore_technology | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:phoenix:securecore_technology:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E8AFEF5A-A0B8-4044-A520-7252C30F075E",
"versionEndIncluding": "1.5.74.0",
"versionStartIncluding": "1.1.12.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. Adverse impacts are limited to the Windows environment and there is no known direct impact to the UEFI firmware. This was fixed in late June 2019."
},
{
"lang": "es",
"value": "En Phoenix SCT WinFlash versiones 1.1.12.0 hasta 1.5.74.0, los controladores incluidos podr\u00edan ser utilizados por una aplicaci\u00f3n maliciosa de Windows para alcanzar privilegios elevados. Los impactos adversos est\u00e1n limitados al entorno de Windows y no se conoce un impacto directo en el firmware UEFI. Esto fue solucionado a finales de junio de 2019."
}
],
"id": "CVE-2019-18279",
"lastModified": "2024-11-21T04:32:57.650",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2019-11-13T18:15:11.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://eclypsium.com/wp-content/uploads/2019/08/EXTERNAL-Get-off-the-kernel-if-you-cant-drive-DEFCON27.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.phoenix.com/content/uploads/Security-Newsletter-September-2019.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://eclypsium.com/wp-content/uploads/2019/08/EXTERNAL-Get-off-the-kernel-if-you-cant-drive-DEFCON27.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.phoenix.com/content/uploads/Security-Newsletter-September-2019.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-5058 (GCVE-0-2023-5058)
Vulnerability from cvelistv5 – Published: 2023-12-07 22:29 – Updated: 2025-07-28 20:50
VLAI?
Summary
Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code execution.
Severity ?
No CVSS data available.
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Phoenix | SecureCore™ Technology™ 4 |
Affected:
4.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.phoenix.com/security-notifications/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.phoenix.com/security-notifications/cve-2023-5058/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/811862"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SecureCore\u2122 Technology\u2122 4",
"vendor": "Phoenix",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore\u2122 Technology\u2122 4 potentially allows denial-of-service attacks or arbitrary code execution."
}
],
"value": "Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore\u2122 Technology\u2122 4 potentially allows denial-of-service attacks or arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T20:50:19.406Z",
"orgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"shortName": "Phoenix"
},
"references": [
{
"url": "https://phoenixtech.com/phoenix-security-notifications/cve-2023-5058/"
},
{
"url": "https://www.kb.cert.org/vuls/id/811862"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"assignerShortName": "Phoenix",
"cveId": "CVE-2023-5058",
"datePublished": "2023-12-07T22:29:05.717Z",
"dateReserved": "2023-09-18T21:36:23.632Z",
"dateUpdated": "2025-07-28T20:50:19.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31100 (GCVE-0-2023-31100)
Vulnerability from cvelistv5 – Published: 2023-11-14 23:17 – Updated: 2025-07-28 20:48
VLAI?
Summary
Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification.
This issue affects SecureCore™ Technology™ 4:
* from 4.3.0.0 before 4.3.0.203
*
from
4.3.1.0 before 4.3.1.163
*
from
4.4.0.0 before 4.4.0.217
*
from
4.5.0.0 before 4.5.0.138
Severity ?
8.4 (High)
CWE
- CWE-284 - Improper Access Control in SMI handler
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Phoenix | SecureCore™ Technology™ 4 |
Affected:
4.3.0.0 , < 4.3.0.203
(custom)
Affected: 4.3.1.0 , < 4.3.1.163 (custom) Affected: 4.4.0.0 , < 4.4.0.217 (custom) Affected: 4.5.0.0 , < 4.5.0.138 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.phoenix.com/security-notifications/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31100",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-02T19:42:57.173898Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T19:43:07.596Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SecureCore\u2122 Technology\u2122 4",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.3.0.203",
"status": "affected",
"version": "4.3.0.0",
"versionType": "custom"
},
{
"lessThan": "4.3.1.163",
"status": "affected",
"version": "4.3.1.0",
"versionType": "custom"
},
{
"lessThan": "4.4.0.217",
"status": "affected",
"version": "4.4.0.0",
"versionType": "custom"
},
{
"lessThan": "4.5.0.138",
"status": "affected",
"version": "4.5.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-11-14T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Access Control in SMI handler vulnerability in Phoenix SecureCore\u2122 Technology\u2122 4 allows SPI flash modification.\u003cbr\u003e\u003cp\u003eThis issue affects SecureCore\u2122 Technology\u2122 4:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003efrom 4.3.0.0 before 4.3.0.203\u003c/li\u003e\u003cli\u003e\n\nfrom \n\n4.3.1.0 before 4.3.1.163\u003c/li\u003e\u003cli\u003e\n\nfrom \n\n4.4.0.0 before 4.4.0.217\u003c/li\u003e\u003cli\u003e\n\nfrom \n\n4.5.0.0 before 4.5.0.138\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Improper Access Control in SMI handler vulnerability in Phoenix SecureCore\u2122 Technology\u2122 4 allows SPI flash modification.\nThis issue affects SecureCore\u2122 Technology\u2122 4:\n\n\n * from 4.3.0.0 before 4.3.0.203\n * \n\nfrom \n\n4.3.1.0 before 4.3.1.163\n * \n\nfrom \n\n4.4.0.0 before 4.4.0.217\n * \n\nfrom \n\n4.5.0.0 before 4.5.0.138"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control in SMI handler",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T20:48:38.895Z",
"orgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"shortName": "Phoenix"
},
"references": [
{
"url": "https://phoenixtech.com/phoenix-security-notifications/cve-2023-31100/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"assignerShortName": "Phoenix",
"cveId": "CVE-2023-31100",
"datePublished": "2023-11-14T23:17:07.869Z",
"dateReserved": "2023-04-24T06:17:27.488Z",
"dateUpdated": "2025-07-28T20:48:38.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18279 (GCVE-0-2019-18279)
Vulnerability from cvelistv5 – Published: 2019-11-13 17:34 – Updated: 2024-10-15 18:36
VLAI?
Summary
In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. Adverse impacts are limited to the Windows environment and there is no known direct impact to the UEFI firmware. This was fixed in late June 2019.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:14.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://eclypsium.com/wp-content/uploads/2019/08/EXTERNAL-Get-off-the-kernel-if-you-cant-drive-DEFCON27.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.phoenix.com/content/uploads/Security-Newsletter-September-2019.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-18279",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:16:13.854877Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T18:36:12.812Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. Adverse impacts are limited to the Windows environment and there is no known direct impact to the UEFI firmware. This was fixed in late June 2019."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-13T17:38:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://eclypsium.com/wp-content/uploads/2019/08/EXTERNAL-Get-off-the-kernel-if-you-cant-drive-DEFCON27.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.phoenix.com/content/uploads/Security-Newsletter-September-2019.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. Adverse impacts are limited to the Windows environment and there is no known direct impact to the UEFI firmware. This was fixed in late June 2019."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/",
"refsource": "MISC",
"url": "https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/"
},
{
"name": "https://eclypsium.com/wp-content/uploads/2019/08/EXTERNAL-Get-off-the-kernel-if-you-cant-drive-DEFCON27.pdf",
"refsource": "MISC",
"url": "https://eclypsium.com/wp-content/uploads/2019/08/EXTERNAL-Get-off-the-kernel-if-you-cant-drive-DEFCON27.pdf"
},
{
"name": "https://www.phoenix.com/content/uploads/Security-Newsletter-September-2019.pdf",
"refsource": "CONFIRM",
"url": "https://www.phoenix.com/content/uploads/Security-Newsletter-September-2019.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18279",
"datePublished": "2019-11-13T17:34:20",
"dateReserved": "2019-10-23T00:00:00",
"dateUpdated": "2024-10-15T18:36:12.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5058 (GCVE-0-2023-5058)
Vulnerability from nvd – Published: 2023-12-07 22:29 – Updated: 2025-07-28 20:50
VLAI?
Summary
Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code execution.
Severity ?
No CVSS data available.
CWE
- CWE-20 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Phoenix | SecureCore™ Technology™ 4 |
Affected:
4.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.phoenix.com/security-notifications/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.phoenix.com/security-notifications/cve-2023-5058/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/811862"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SecureCore\u2122 Technology\u2122 4",
"vendor": "Phoenix",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore\u2122 Technology\u2122 4 potentially allows denial-of-service attacks or arbitrary code execution."
}
],
"value": "Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore\u2122 Technology\u2122 4 potentially allows denial-of-service attacks or arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T20:50:19.406Z",
"orgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"shortName": "Phoenix"
},
"references": [
{
"url": "https://phoenixtech.com/phoenix-security-notifications/cve-2023-5058/"
},
{
"url": "https://www.kb.cert.org/vuls/id/811862"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"assignerShortName": "Phoenix",
"cveId": "CVE-2023-5058",
"datePublished": "2023-12-07T22:29:05.717Z",
"dateReserved": "2023-09-18T21:36:23.632Z",
"dateUpdated": "2025-07-28T20:50:19.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31100 (GCVE-0-2023-31100)
Vulnerability from nvd – Published: 2023-11-14 23:17 – Updated: 2025-07-28 20:48
VLAI?
Summary
Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification.
This issue affects SecureCore™ Technology™ 4:
* from 4.3.0.0 before 4.3.0.203
*
from
4.3.1.0 before 4.3.1.163
*
from
4.4.0.0 before 4.4.0.217
*
from
4.5.0.0 before 4.5.0.138
Severity ?
8.4 (High)
CWE
- CWE-284 - Improper Access Control in SMI handler
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Phoenix | SecureCore™ Technology™ 4 |
Affected:
4.3.0.0 , < 4.3.0.203
(custom)
Affected: 4.3.1.0 , < 4.3.1.163 (custom) Affected: 4.4.0.0 , < 4.4.0.217 (custom) Affected: 4.5.0.0 , < 4.5.0.138 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.phoenix.com/security-notifications/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31100",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-02T19:42:57.173898Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T19:43:07.596Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SecureCore\u2122 Technology\u2122 4",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.3.0.203",
"status": "affected",
"version": "4.3.0.0",
"versionType": "custom"
},
{
"lessThan": "4.3.1.163",
"status": "affected",
"version": "4.3.1.0",
"versionType": "custom"
},
{
"lessThan": "4.4.0.217",
"status": "affected",
"version": "4.4.0.0",
"versionType": "custom"
},
{
"lessThan": "4.5.0.138",
"status": "affected",
"version": "4.5.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-11-14T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Access Control in SMI handler vulnerability in Phoenix SecureCore\u2122 Technology\u2122 4 allows SPI flash modification.\u003cbr\u003e\u003cp\u003eThis issue affects SecureCore\u2122 Technology\u2122 4:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003efrom 4.3.0.0 before 4.3.0.203\u003c/li\u003e\u003cli\u003e\n\nfrom \n\n4.3.1.0 before 4.3.1.163\u003c/li\u003e\u003cli\u003e\n\nfrom \n\n4.4.0.0 before 4.4.0.217\u003c/li\u003e\u003cli\u003e\n\nfrom \n\n4.5.0.0 before 4.5.0.138\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Improper Access Control in SMI handler vulnerability in Phoenix SecureCore\u2122 Technology\u2122 4 allows SPI flash modification.\nThis issue affects SecureCore\u2122 Technology\u2122 4:\n\n\n * from 4.3.0.0 before 4.3.0.203\n * \n\nfrom \n\n4.3.1.0 before 4.3.1.163\n * \n\nfrom \n\n4.4.0.0 before 4.4.0.217\n * \n\nfrom \n\n4.5.0.0 before 4.5.0.138"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control in SMI handler",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T20:48:38.895Z",
"orgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"shortName": "Phoenix"
},
"references": [
{
"url": "https://phoenixtech.com/phoenix-security-notifications/cve-2023-31100/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"assignerShortName": "Phoenix",
"cveId": "CVE-2023-31100",
"datePublished": "2023-11-14T23:17:07.869Z",
"dateReserved": "2023-04-24T06:17:27.488Z",
"dateUpdated": "2025-07-28T20:48:38.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18279 (GCVE-0-2019-18279)
Vulnerability from nvd – Published: 2019-11-13 17:34 – Updated: 2024-10-15 18:36
VLAI?
Summary
In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. Adverse impacts are limited to the Windows environment and there is no known direct impact to the UEFI firmware. This was fixed in late June 2019.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:14.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://eclypsium.com/wp-content/uploads/2019/08/EXTERNAL-Get-off-the-kernel-if-you-cant-drive-DEFCON27.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.phoenix.com/content/uploads/Security-Newsletter-September-2019.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-18279",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:16:13.854877Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T18:36:12.812Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. Adverse impacts are limited to the Windows environment and there is no known direct impact to the UEFI firmware. This was fixed in late June 2019."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-13T17:38:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://eclypsium.com/wp-content/uploads/2019/08/EXTERNAL-Get-off-the-kernel-if-you-cant-drive-DEFCON27.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.phoenix.com/content/uploads/Security-Newsletter-September-2019.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. Adverse impacts are limited to the Windows environment and there is no known direct impact to the UEFI firmware. This was fixed in late June 2019."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/",
"refsource": "MISC",
"url": "https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/"
},
{
"name": "https://eclypsium.com/wp-content/uploads/2019/08/EXTERNAL-Get-off-the-kernel-if-you-cant-drive-DEFCON27.pdf",
"refsource": "MISC",
"url": "https://eclypsium.com/wp-content/uploads/2019/08/EXTERNAL-Get-off-the-kernel-if-you-cant-drive-DEFCON27.pdf"
},
{
"name": "https://www.phoenix.com/content/uploads/Security-Newsletter-September-2019.pdf",
"refsource": "CONFIRM",
"url": "https://www.phoenix.com/content/uploads/Security-Newsletter-September-2019.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18279",
"datePublished": "2019-11-13T17:34:20",
"dateReserved": "2019-10-23T00:00:00",
"dateUpdated": "2024-10-15T18:36:12.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}