
    8 vulnerabilities by phoenixtech

    CVE-2024-12533 (GCVE-0-2024-12533)

    Vulnerability from cvelistv5 – Published: 2025-05-13 14:56 – Updated: 2025-07-28 20:55
    VLAI
    Summary
    Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore Technology 4 allows Input Data Manipulation. This issue affects SecureCore Technology 4: from 4.0.1.0 before 4.0.1.1018, from 4.1.0.1 before 4.1.0.573, from 4.2.0.1 before 4.2.0.338, from 4.2.1.1 before 4.2.1.300, from 4.3.0.1 before 4.3.0.244, from 4.3.1.1 before 4.3.1.187, from 4.4.0.1 before 4.4.0.299, from 4.5.0.1 before 4.5.0.231, from 4.5.1.1 before 4.5.1.103, from 4.5.5.1 before 4.5.5.36, from 4.6.0.1 before 4.6.0.67.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner
    Impacted products
    Vendor Product Version
    Phoenix SecureCore Technology 4 Affected: 4.0.1.0 , < 4.0.1.1018 (custom)
    Affected: 4.1.0.1 , < 4.1.0.573 (custom)
    Affected: 4.2.0.1 , < 4.2.0.338 (custom)
    Affected: 4.2.1.1 , < 4.2.1.300 (custom)
    Affected: 4.3.0.1 , < 4.3.0.244 (custom)
    Affected: 4.3.1.1 , < 4.3.1.187 (custom)
    Affected: 4.4.0.1 , < 4.4.0.299 (custom)
    Affected: 4.5.0.1 , < 4.5.0.231 (custom)
    Affected: 4.5.1.1 , < 4.5.1.103 (custom)
    Affected: 4.5.5.1 , < 4.5.5.36 (custom)
    Affected: 4.6.0.1 , < 4.6.0.67 (custom)

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-12533",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-13T15:15:02.413134Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-13T15:15:09.100Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SecureCore Technology 4",
              "vendor": "Phoenix",
              "versions": [
                {
                  "lessThan": "4.0.1.1018",
                  "status": "affected",
                  "version": "4.0.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.1.0.573",
                  "status": "affected",
                  "version": "4.1.0.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.0.338",
                  "status": "affected",
                  "version": "4.2.0.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.2.1.300",
                  "status": "affected",
                  "version": "4.2.1.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.0.244",
                  "status": "affected",
                  "version": "4.3.0.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.1.187",
                  "status": "affected",
                  "version": "4.3.1.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.0.299",
                  "status": "affected",
                  "version": "4.4.0.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.5.0.231",
                  "status": "affected",
                  "version": "4.5.0.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.5.1.103",
                  "status": "affected",
                  "version": "4.5.1.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.5.5.36",
                  "status": "affected",
                  "version": "4.5.5.1",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.6.0.67",
                  "status": "affected",
                  "version": "4.6.0.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore Technology 4 allows Input Data Manipulation.\u003cp\u003eThis issue affects SecureCore Technology 4: from 4.0.1.0 before 4.0.1.1018, from 4.1.0.1 before 4.1.0.573, from 4.2.0.1 before 4.2.0.338, from 4.2.1.1 before 4.2.1.300, from 4.3.0.1 before 4.3.0.244, from 4.3.1.1 before 4.3.1.187, from 4.4.0.1 before 4.4.0.299, from 4.5.0.1 before 4.5.0.231, from 4.5.1.1 before 4.5.1.103, from 4.5.5.1 before 4.5.5.36, from 4.6.0.1 before 4.6.0.67.\u003c/p\u003e"
                }
              ],
              "value": "Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore Technology 4 allows Input Data Manipulation.This issue affects SecureCore Technology 4: from 4.0.1.0 before 4.0.1.1018, from 4.1.0.1 before 4.1.0.573, from 4.2.0.1 before 4.2.0.338, from 4.2.1.1 before 4.2.1.300, from 4.3.0.1 before 4.3.0.244, from 4.3.1.1 before 4.3.1.187, from 4.4.0.1 before 4.4.0.299, from 4.5.0.1 before 4.5.0.231, from 4.5.1.1 before 4.5.1.103, from 4.5.5.1 before 4.5.5.36, from 4.6.0.1 before 4.6.0.67."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 3.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-28T20:55:52.706Z",
            "orgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
            "shortName": "Phoenix"
          },
          "references": [
            {
              "url": "https://phoenixtech.com/phoenix-security-notifications/cve-2024-12533/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
        "assignerShortName": "Phoenix",
        "cveId": "CVE-2024-12533",
        "datePublished": "2025-05-13T14:56:41.235Z",
        "dateReserved": "2024-12-11T17:37:28.103Z",
        "dateUpdated": "2025-07-28T20:55:52.706Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-29980 (GCVE-0-2024-29980)

    Vulnerability from cvelistv5 – Published: 2025-01-14 16:00 – Updated: 2025-07-28 20:54
    VLAI
    Title
    Unsafe Handling of IHV UEFI Variables
    Summary
    Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore™ for Intel Kaby Lake, Phoenix SecureCore™ for Intel Coffee Lake, Phoenix SecureCore™ for Intel Comet Lake, Phoenix SecureCore™ for Intel Ice Lake allows Input Data Manipulation. This issue affects SecureCore™ for Intel Kaby Lake: before 4.0.1.1012; SecureCore™ for Intel Coffee Lake: before 4.1.0.568; SecureCore™ for Intel Comet Lake: before 4.2.1.292; SecureCore™ for Intel Ice Lake: before 4.2.0.334.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-29980",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T16:41:13.527370Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T16:41:16.295Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "SecureCore\u2122 for Intel Kaby Lake",
              "vendor": "Phoenix",
              "versions": [
                {
                  "lessThan": "4.0.1.1012",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SecureCore\u2122 for Intel Coffee Lake",
              "vendor": "Phoenix",
              "versions": [
                {
                  "lessThan": "4.1.0.568",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SecureCore\u2122 for Intel Comet Lake",
              "vendor": "Phoenix",
              "versions": [
                {
                  "lessThan": "4.2.1.292",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SecureCore\u2122 for Intel Ice Lake",
              "vendor": "Phoenix",
              "versions": [
                {
                  "lessThan": "4.2.0.334",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore\u2122 for Intel Kaby Lake, Phoenix SecureCore\u2122 for Intel Coffee Lake, Phoenix SecureCore\u2122 for Intel Comet Lake, Phoenix SecureCore\u2122 for Intel Ice Lake allows Input Data Manipulation.\u003cp\u003eThis issue affects SecureCore\u2122 for Intel Kaby Lake: before 4.0.1.1012; SecureCore\u2122 for Intel Coffee Lake: before 4.1.0.568; SecureCore\u2122 for Intel Comet Lake: before 4.2.1.292; SecureCore\u2122 for Intel Ice Lake: before 4.2.0.334.\u003c/p\u003e"
                }
              ],
              "value": "Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore\u2122 for Intel Kaby Lake, Phoenix SecureCore\u2122 for Intel Coffee Lake, Phoenix SecureCore\u2122 for Intel Comet Lake, Phoenix SecureCore\u2122 for Intel Ice Lake allows Input Data Manipulation.This issue affects SecureCore\u2122 for Intel Kaby Lake: before 4.0.1.1012; SecureCore\u2122 for Intel Coffee Lake: before 4.1.0.568; SecureCore\u2122 for Intel Comet Lake: before 4.2.1.292; SecureCore\u2122 for Intel Ice Lake: before 4.2.0.334."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-28T20:54:33.057Z",
            "orgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
            "shortName": "Phoenix"
          },
          "references": [
            {
              "url": "https://phoenixtech.com/phoenix-security-notifications/cve-2024-29980/"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Unsafe Handling of IHV UEFI Variables",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
        "assignerShortName": "Phoenix",
        "cveId": "CVE-2024-29980",
        "datePublished": "2025-01-14T16:00:15.300Z",
        "dateReserved": "2024-03-22T21:30:22.857Z",
        "dateUpdated": "2025-07-28T20:54:33.057Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-29979 (GCVE-0-2024-29979)

    Vulnerability from cvelistv5 – Published: 2025-01-14 16:00 – Updated: 2025-07-28 20:55
    VLAI
    Title
    Unsafe Handling of Phoenix UEFI Variables
    Summary
    Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore™ for Intel Kaby Lake, Phoenix SecureCore™ for Intel Coffee Lake, Phoenix SecureCore™ for Intel Comet Lake, Phoenix SecureCore™ for Intel Ice Lake allows Input Data Manipulation. This issue affects SecureCore™ for Intel Kaby Lake: before 4.0.1.1012; SecureCore™ for Intel Coffee Lake: before 4.1.0.568; SecureCore™ for Intel Comet Lake: before 4.2.1.292; SecureCore™ for Intel Ice Lake: before 4.2.0.334.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-754 - Improper Check for Unusual or Exceptional Conditions
    Assigner

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-29979",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-14T16:41:31.630839Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-14T16:41:44.962Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "SecureCore\u2122 for Intel Kaby Lake",
              "vendor": "Phoenix",
              "versions": [
                {
                  "lessThan": "4.0.1.1012",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SecureCore\u2122 for Intel Coffee Lake",
              "vendor": "Phoenix",
              "versions": [
                {
                  "lessThan": "4.1.0.568",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SecureCore\u2122 for Intel Comet Lake",
              "vendor": "Phoenix",
              "versions": [
                {
                  "lessThan": "4.2.1.292",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "affected",
              "product": "SecureCore\u2122 for Intel Ice Lake",
              "vendor": "Phoenix",
              "versions": [
                {
                  "lessThan": "4.2.0.334",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore\u2122 for Intel Kaby Lake, Phoenix SecureCore\u2122 for Intel Coffee Lake, Phoenix SecureCore\u2122 for Intel Comet Lake, Phoenix SecureCore\u2122 for Intel Ice Lake allows Input Data Manipulation.\u003cp\u003eThis issue affects SecureCore\u2122 for Intel Kaby Lake: before 4.0.1.1012; SecureCore\u2122 for Intel Coffee Lake: before 4.1.0.568; SecureCore\u2122 for Intel Comet Lake: before 4.2.1.292; SecureCore\u2122 for Intel Ice Lake: before 4.2.0.334.\u003c/p\u003e"
                }
              ],
              "value": "Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore\u2122 for Intel Kaby Lake, Phoenix SecureCore\u2122 for Intel Coffee Lake, Phoenix SecureCore\u2122 for Intel Comet Lake, Phoenix SecureCore\u2122 for Intel Ice Lake allows Input Data Manipulation.This issue affects SecureCore\u2122 for Intel Kaby Lake: before 4.0.1.1012; SecureCore\u2122 for Intel Coffee Lake: before 4.1.0.568; SecureCore\u2122 for Intel Comet Lake: before 4.2.1.292; SecureCore\u2122 for Intel Ice Lake: before 4.2.0.334."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "LOCAL",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "HIGH",
                "providerUrgency": "NOT_DEFINED",
                "subAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "valueDensity": "NOT_DEFINED",
                "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
                "version": "4.0",
                "vulnAvailabilityImpact": "LOW",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE",
                "vulnerabilityResponseEffort": "NOT_DEFINED"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "LOW",
                "baseScore": 2.3,
                "baseSeverity": "LOW",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-754",
                  "description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-28T20:55:13.618Z",
            "orgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
            "shortName": "Phoenix"
          },
          "references": [
            {
              "url": "https://phoenixtech.com/phoenix-security-notifications/cve-2024-29979/"
            }
          ],
          "source": {
            "discovery": "INTERNAL"
          },
          "title": "Unsafe Handling of Phoenix UEFI Variables",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
        "assignerShortName": "Phoenix",
        "cveId": "CVE-2024-29979",
        "datePublished": "2025-01-14T16:00:15.221Z",
        "dateReserved": "2024-03-22T21:30:22.857Z",
        "dateUpdated": "2025-07-28T20:55:13.618Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-1598 (GCVE-0-2024-1598)

    Vulnerability from cvelistv5 – Published: 2024-05-14 14:56 – Updated: 2025-07-28 20:53
    VLAI
    Title
    Potential buffer overflow when handling UEFI variables
    Summary
    Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for Intel Gemini Lake. This issue affects: SecureCore™ for Intel Gemini Lake: from 4.1.0.1 before 4.1.0.567.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    Phoenix SecureCore™ for Intel Gemini Lake Affected: 4.1.0.1 , < 4.1.0.567 (custom)
    phoenix securecore_technology Affected: 4.1.0.1 , < 4.1.0.567 (custom)
        cpe:2.3:a:phoenix:securecore_technology:-:*:*:*:*:*:*:*
    Credits
    Zichuan Li from Indiana University Bloomington

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:phoenix:securecore_technology:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "securecore_technology",
                "vendor": "phoenix",
                "versions": [
                  {
                    "lessThan": "4.1.0.567",
                    "status": "affected",
                    "version": "4.1.0.1",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1598",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-14T15:33:23.578704Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-121",
                    "description": "CWE-121 Stack-based Buffer Overflow",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T18:01:14.870Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:48:21.686Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.phoenix.com/security-notifications/cve-2024-1598/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SecureCore\u2122 for Intel Gemini Lake",
              "vendor": "Phoenix",
              "versions": [
                {
                  "lessThan": "4.1.0.567",
                  "status": "affected",
                  "version": "4.1.0.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Zichuan Li from Indiana University Bloomington"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Potential buffer overflow \nin unsafe UEFI variable handling \n\nin Phoenix SecureCore\u2122 for Intel Gemini Lake.\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eSecureCore\u2122 for Intel Gemini Lake: from 4.1.0.1 before 4.1.0.567.\u003c/p\u003e"
                }
              ],
              "value": "Potential buffer overflow \nin unsafe UEFI variable handling \n\nin Phoenix SecureCore\u2122 for Intel Gemini Lake.This issue affects:\n\nSecureCore\u2122 for Intel Gemini Lake: from 4.1.0.1 before 4.1.0.567."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-28T20:53:48.128Z",
            "orgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
            "shortName": "Phoenix"
          },
          "references": [
            {
              "url": "https://phoenixtech.com/phoenix-security-notifications/cve-2024-1598/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Potential buffer overflow when handling UEFI variables",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
        "assignerShortName": "Phoenix",
        "cveId": "CVE-2024-1598",
        "datePublished": "2024-05-14T14:56:38.995Z",
        "dateReserved": "2024-02-16T22:57:32.402Z",
        "dateUpdated": "2025-07-28T20:53:48.128Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-0762 (GCVE-0-2024-0762)

    Vulnerability from cvelistv5 – Published: 2024-05-14 14:56 – Updated: 2025-07-28 20:53
    VLAI
    Title
    Potential buffer overflow when handling UEFI variables
    Summary
    Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms. This issue affects: Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998; Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562; Phoenix SecureCore™ for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323; Phoenix SecureCore™ for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287; Phoenix SecureCore™ for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236; Phoenix SecureCore™ for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184; Phoenix SecureCore™ for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269; Phoenix SecureCore™ for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218; Phoenix SecureCore™ for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
    Assigner
    Impacted products
    Vendor Product Version
    Phoenix SecureCore™ for Intel Kaby Lake Affected: 4.0.1.1 , < 4.0.1.998 (custom)
    Phoenix SecureCore™ for Intel Coffee Lake Affected: 4.1.0.1 , < 4.1.0.562 (custom)
    Phoenix SecureCore™ for Intel Ice Lake Affected: 4.2.0.1 , < 4.2.0.323 (custom)
    Phoenix SecureCore™ for Intel Comet Lake Affected: 4.2.1.1 , < 4.2.1.287 (custom)
    Phoenix SecureCore™ for Intel Tiger Lake Affected: 4.3.0.1 , < 4.3.0.236 (custom)
    Phoenix SecureCore™ for Intel Jasper Lake Affected: 4.3.1.1 , < 4.3.1.184 (custom)
    Phoenix SecureCore™ for Intel Alder Lake Affected: 4.4.0.1 , < 4.4.0.269 (custom)
    Phoenix SecureCore™ for Intel Raptor Lake Affected: 4.5.0.1 , < 4.5.0.218 (custom)
    Phoenix SecureCore™ for Intel Meteor Lake Affected: 4.5.1.1 , < 4.5.1.15 (custom)
    phoenix securecore_technology Affected: 4.0.1.1 , < 4.0.1.998 (custom)
        cpe:2.3:a:phoenix:securecore_technology:4.0.1.1:*:*:*:*:*:*:*
    phoenix securecore_technology Affected: 4.1.0.1 , < 4.1.0.562 (custom)
        cpe:2.3:a:phoenix:securecore_technology:4.1.0.1:*:*:*:*:*:*:*
    phoenix securecore_technology Affected: 4.2.0.1 , < 4.2.0.323 (custom)
        cpe:2.3:a:phoenix:securecore_technology:4.2.0.1:*:*:*:*:*:*:*
    phoenix securecore_technology Affected: 4.2.1.1 , < 4.2.1.287 (custom)
        cpe:2.3:a:phoenix:securecore_technology:4.2.1.1:*:*:*:*:*:*:*
    phoenix securecore_technology Affected: 4.3.0.1 , < 4.3.0.236 (custom)
        cpe:2.3:a:phoenix:securecore_technology:4.3.0.1:*:*:*:*:*:*:*
    phoenix securecore_technology Affected: 4.3.1.1 , < 4.3.1.184 (custom)
        cpe:2.3:a:phoenix:securecore_technology:4.3.1.1:*:*:*:*:*:*:*
    phoenix securecore_technology Affected: 4.4.0.1 , < 4.4.0.269 (custom)
        cpe:2.3:a:phoenix:securecore_technology:4.4.0.1:*:*:*:*:*:*:*
    phoenix securecore_technology Affected: 4.5.0.1 , < 4.5.0.218 (custom)
        cpe:2.3:a:phoenix:securecore_technology:4.5.0.1:*:*:*:*:*:*:*
    phoenix securecore_technology Affected: 4.5.1.1 , < 4.5.1.15 (custom)
        cpe:2.3:a:phoenix:securecore_technology:4.5.1.1:*:*:*:*:*:*:*
    Credits
    Oren Isacson from Eclypsium

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:phoenix:securecore_technology:4.0.1.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "securecore_technology",
                "vendor": "phoenix",
                "versions": [
                  {
                    "lessThan": "4.0.1.998",
                    "status": "affected",
                    "version": "4.0.1.1",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:phoenix:securecore_technology:4.1.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "securecore_technology",
                "vendor": "phoenix",
                "versions": [
                  {
                    "lessThan": "4.1.0.562",
                    "status": "affected",
                    "version": "4.1.0.1",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:phoenix:securecore_technology:4.2.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "securecore_technology",
                "vendor": "phoenix",
                "versions": [
                  {
                    "lessThan": "4.2.0.323",
                    "status": "affected",
                    "version": "4.2.0.1",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:phoenix:securecore_technology:4.2.1.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "securecore_technology",
                "vendor": "phoenix",
                "versions": [
                  {
                    "lessThan": "4.2.1.287",
                    "status": "affected",
                    "version": "4.2.1.1",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:phoenix:securecore_technology:4.3.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "securecore_technology",
                "vendor": "phoenix",
                "versions": [
                  {
                    "lessThan": "4.3.0.236",
                    "status": "affected",
                    "version": "4.3.0.1",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:phoenix:securecore_technology:4.3.1.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "securecore_technology",
                "vendor": "phoenix",
                "versions": [
                  {
                    "lessThan": "4.3.1.184",
                    "status": "affected",
                    "version": "4.3.1.1",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:phoenix:securecore_technology:4.4.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "securecore_technology",
                "vendor": "phoenix",
                "versions": [
                  {
                    "lessThan": "4.4.0.269",
                    "status": "affected",
                    "version": "4.4.0.1",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:phoenix:securecore_technology:4.5.0.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "securecore_technology",
                "vendor": "phoenix",
                "versions": [
                  {
                    "lessThan": "4.5.0.218",
                    "status": "affected",
                    "version": "4.5.0.1",
                    "versionType": "custom"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:phoenix:securecore_technology:4.5.1.1:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "securecore_technology",
                "vendor": "phoenix",
                "versions": [
                  {
                    "lessThan": "4.5.1.15",
                    "status": "affected",
                    "version": "4.5.1.1",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0762",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-14T15:18:12.193624Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-120",
                    "description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-20T13:37:52.909Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:18:17.893Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.phoenix.com/security-notifications/cve-2024-0762/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=40747852"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SecureCore\u2122 for Intel Kaby Lake",
              "vendor": "Phoenix",
              "versions": [
                {
                  "lessThan": "4.0.1.998",
                  "status": "affected",
                  "version": "4.0.1.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SecureCore\u2122 for Intel Coffee Lake",
              "vendor": "Phoenix",
              "versions": [
                {
                  "lessThan": "4.1.0.562",
                  "status": "affected",
                  "version": "4.1.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SecureCore\u2122 for Intel Ice Lake",
              "vendor": "Phoenix",
              "versions": [
                {
                  "lessThan": "4.2.0.323",
                  "status": "affected",
                  "version": "4.2.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SecureCore\u2122 for Intel Comet Lake",
              "vendor": "Phoenix",
              "versions": [
                {
                  "lessThan": "4.2.1.287",
                  "status": "affected",
                  "version": "4.2.1.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SecureCore\u2122 for Intel Tiger Lake",
              "vendor": "Phoenix",
              "versions": [
                {
                  "lessThan": "4.3.0.236",
                  "status": "affected",
                  "version": "4.3.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SecureCore\u2122 for Intel Jasper Lake",
              "vendor": "Phoenix",
              "versions": [
                {
                  "lessThan": "4.3.1.184",
                  "status": "affected",
                  "version": "4.3.1.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SecureCore\u2122 for Intel Alder Lake",
              "vendor": "Phoenix",
              "versions": [
                {
                  "lessThan": "4.4.0.269",
                  "status": "affected",
                  "version": "4.4.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SecureCore\u2122 for Intel Raptor Lake",
              "vendor": "Phoenix",
              "versions": [
                {
                  "lessThan": "4.5.0.218",
                  "status": "affected",
                  "version": "4.5.0.1",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SecureCore\u2122 for Intel Meteor Lake",
              "vendor": "Phoenix",
              "versions": [
                {
                  "lessThan": "4.5.1.15",
                  "status": "affected",
                  "version": "4.5.1.1",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Oren Isacson from Eclypsium"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cdiv\u003e\nPotential buffer overflow \nin unsafe UEFI variable handling \n\nin Phoenix SecureCore\u2122 for select Intel platforms\u003c/div\u003e\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003e\nPhoenix \n\nSecureCore\u2122 for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998;\u003c/p\u003e\u003cp\u003e\nPhoenix \n\nSecureCore\u2122 for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562;\u003c/p\u003e\u003cp\u003e\nPhoenix \n\nSecureCore\u2122 for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323;\u003c/p\u003e\u003cp\u003e\nPhoenix \n\nSecureCore\u2122 for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287;\u003c/p\u003e\u003cp\u003e\nPhoenix \n\nSecureCore\u2122 for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236;\u003c/p\u003e\u003cp\u003e\nPhoenix \n\nSecureCore\u2122 for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184;\u003c/p\u003e\u003cp\u003e\nPhoenix \n\nSecureCore\u2122 for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269;\u003c/p\u003e\u003cp\u003e\nPhoenix \n\nSecureCore\u2122 for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218;\u003c/p\u003e\u003cp\u003e\nPhoenix \n\nSecureCore\u2122 for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15.\u003c/p\u003e"
                }
              ],
              "value": "Potential buffer overflow \nin unsafe UEFI variable handling \n\nin Phoenix SecureCore\u2122 for select Intel platforms\n\n\nThis issue affects:\n\n\nPhoenix \n\nSecureCore\u2122 for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998;\n\n\nPhoenix \n\nSecureCore\u2122 for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562;\n\n\nPhoenix \n\nSecureCore\u2122 for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323;\n\n\nPhoenix \n\nSecureCore\u2122 for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287;\n\n\nPhoenix \n\nSecureCore\u2122 for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236;\n\n\nPhoenix \n\nSecureCore\u2122 for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184;\n\n\nPhoenix \n\nSecureCore\u2122 for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269;\n\n\nPhoenix \n\nSecureCore\u2122 for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218;\n\n\nPhoenix \n\nSecureCore\u2122 for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-28T20:53:10.827Z",
            "orgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
            "shortName": "Phoenix"
          },
          "references": [
            {
              "url": "https://phoenixtech.com/phoenix-security-notifications/CVE-2024-0762/"
            },
            {
              "url": "https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/"
            },
            {
              "url": "https://news.ycombinator.com/item?id=40747852"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Potential buffer overflow when handling UEFI variables",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
        "assignerShortName": "Phoenix",
        "cveId": "CVE-2024-0762",
        "datePublished": "2024-05-14T14:56:25.578Z",
        "dateReserved": "2024-01-19T20:40:59.164Z",
        "dateUpdated": "2025-07-28T20:53:10.827Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-35841 (GCVE-0-2023-35841)

    Vulnerability from cvelistv5 – Published: 2024-05-14 14:56 – Updated: 2025-07-28 20:49
    VLAI
    Title
    WinFlash Driver Permissions Issue
    Summary
    Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Driver on Windows allows Privilege Escalation which allows for modification of system firmware. This issue affects WinFlash Driver: before 4.5.0.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-732 - Incorrect Permission Assignment for Critical Resource
    • CWE-782 - Exposed IOCTL with Insufficient Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Phoenix WinFlash Driver Affected: 0 , < 4.5.0.0 (semver)
    phoenix winflash_driver Affected: 0 , < 4.5.0 (custom)
        cpe:2.3:a:phoenix:winflash_driver:*:*:*:*:*:*:*:*
    Credits
    Takahiro Haruyama of Broadcom

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:phoenix:winflash_driver:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "winflash_driver",
                "vendor": "phoenix",
                "versions": [
                  {
                    "lessThan": "4.5.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-35841",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-14T18:32:21.876164Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:18:27.432Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T16:30:45.376Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.phoenix.com/security-notifications/cve-2023-35841/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/vu/JVNVU93886750/index.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "platforms": [
                "Windows"
              ],
              "product": "WinFlash Driver",
              "vendor": "Phoenix",
              "versions": [
                {
                  "lessThan": "4.5.0.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Takahiro Haruyama of Broadcom"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Driver on Windows allows Privilege Escalation which allows for modification of system firmware.\u003cp\u003eThis issue affects WinFlash Driver: before 4.5.0.0.\u003c/p\u003e"
                }
              ],
              "value": "Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Driver on Windows allows Privilege Escalation which allows for modification of system firmware.This issue affects WinFlash Driver: before 4.5.0.0."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-233",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-233 Privilege Escalation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-732",
                  "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-782",
                  "description": "CWE-782 Exposed IOCTL with Insufficient Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-28T20:49:33.663Z",
            "orgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
            "shortName": "Phoenix"
          },
          "references": [
            {
              "url": "https://phoenixtech.com/phoenix-security-notifications/cve-2023-35841/"
            },
            {
              "url": "https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html"
            },
            {
              "url": "https://jvn.jp/en/vu/JVNVU93886750/index.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "WinFlash Driver Permissions Issue",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
        "assignerShortName": "Phoenix",
        "cveId": "CVE-2023-35841",
        "datePublished": "2024-05-14T14:56:14.743Z",
        "dateReserved": "2023-06-19T00:35:50.974Z",
        "dateUpdated": "2025-07-28T20:49:33.663Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-5058 (GCVE-0-2023-5058)

    Vulnerability from cvelistv5 – Published: 2023-12-07 22:29 – Updated: 2025-07-28 20:50
    VLAI
    Summary
    Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code execution.
    Severity
    No CVSS data available.
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T07:44:53.613Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.phoenix.com/security-notifications/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.phoenix.com/security-notifications/cve-2023-5058/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.kb.cert.org/vuls/id/811862"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "SecureCore\u2122 Technology\u2122 4",
              "vendor": "Phoenix",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore\u2122 Technology\u2122 4 potentially allows denial-of-service attacks or arbitrary code execution."
                }
              ],
              "value": "Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore\u2122 Technology\u2122 4 potentially allows denial-of-service attacks or arbitrary code execution."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-28T20:50:19.406Z",
            "orgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
            "shortName": "Phoenix"
          },
          "references": [
            {
              "url": "https://phoenixtech.com/phoenix-security-notifications/cve-2023-5058/"
            },
            {
              "url": "https://www.kb.cert.org/vuls/id/811862"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
        "assignerShortName": "Phoenix",
        "cveId": "CVE-2023-5058",
        "datePublished": "2023-12-07T22:29:05.717Z",
        "dateReserved": "2023-09-18T21:36:23.632Z",
        "dateUpdated": "2025-07-28T20:50:19.406Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-31100 (GCVE-0-2023-31100)

    Vulnerability from cvelistv5 – Published: 2023-11-14 23:17 – Updated: 2025-07-28 20:48
    VLAI
    Summary
    Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4:
    • from 4.3.0.0 before 4.3.0.203
    • from 4.3.1.0 before 4.3.1.163
    • from 4.4.0.0 before 4.4.0.217
    • from 4.5.0.0 before 4.5.0.138
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control in SMI handler
    Assigner
    Impacted products
    Vendor Product Version
    Phoenix SecureCore™ Technology™ 4 Affected: 4.3.0.0 , < 4.3.0.203 (custom)
    Affected: 4.3.1.0 , < 4.3.1.163 (custom)
    Affected: 4.4.0.0 , < 4.4.0.217 (custom)
    Affected: 4.5.0.0 , < 4.5.0.138 (custom)
    Date Public
    2023-11-14 21:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T14:45:25.673Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.phoenix.com/security-notifications/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-31100",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-02T19:42:57.173898Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-02T19:43:07.596Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SecureCore\u2122 Technology\u2122 4",
              "vendor": "Phoenix",
              "versions": [
                {
                  "lessThan": "4.3.0.203",
                  "status": "affected",
                  "version": "4.3.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.3.1.163",
                  "status": "affected",
                  "version": "4.3.1.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.4.0.217",
                  "status": "affected",
                  "version": "4.4.0.0",
                  "versionType": "custom"
                },
                {
                  "lessThan": "4.5.0.138",
                  "status": "affected",
                  "version": "4.5.0.0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "datePublic": "2023-11-14T21:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Improper Access Control in SMI handler vulnerability in Phoenix SecureCore\u2122 Technology\u2122 4 allows SPI flash modification.\u003cbr\u003e\u003cp\u003eThis issue affects SecureCore\u2122 Technology\u2122 4:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003efrom 4.3.0.0 before 4.3.0.203\u003c/li\u003e\u003cli\u003e\n\nfrom \n\n4.3.1.0 before 4.3.1.163\u003c/li\u003e\u003cli\u003e\n\nfrom \n\n4.4.0.0 before 4.4.0.217\u003c/li\u003e\u003cli\u003e\n\nfrom \n\n4.5.0.0 before 4.5.0.138\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
                }
              ],
              "value": "Improper Access Control in SMI handler vulnerability in Phoenix SecureCore\u2122 Technology\u2122 4 allows SPI flash modification.\nThis issue affects SecureCore\u2122 Technology\u2122 4:\n\n\n  *  from 4.3.0.0 before 4.3.0.203\n  *  \n\nfrom \n\n4.3.1.0 before 4.3.1.163\n  *  \n\nfrom \n\n4.4.0.0 before 4.4.0.217\n  *  \n\nfrom \n\n4.5.0.0 before 4.5.0.138"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 8.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control in SMI handler",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-28T20:48:38.895Z",
            "orgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
            "shortName": "Phoenix"
          },
          "references": [
            {
              "url": "https://phoenixtech.com/phoenix-security-notifications/cve-2023-31100/"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
        "assignerShortName": "Phoenix",
        "cveId": "CVE-2023-31100",
        "datePublished": "2023-11-14T23:17:07.869Z",
        "dateReserved": "2023-04-24T06:17:27.488Z",
        "dateUpdated": "2025-07-28T20:48:38.895Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }