Refine your search
8 vulnerabilities found for by Phoenix
CVE-2024-12533 (GCVE-0-2024-12533)
Vulnerability from cvelistv5
Published
2025-05-13 14:56
Modified
2025-07-28 20:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Summary
Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore Technology 4 allows Input Data Manipulation.This issue affects SecureCore Technology 4: from 4.0.1.0 before 4.0.1.1018, from 4.1.0.1 before 4.1.0.573, from 4.2.0.1 before 4.2.0.338, from 4.2.1.1 before 4.2.1.300, from 4.3.0.1 before 4.3.0.244, from 4.3.1.1 before 4.3.1.187, from 4.4.0.1 before 4.4.0.299, from 4.5.0.1 before 4.5.0.231, from 4.5.1.1 before 4.5.1.103, from 4.5.5.1 before 4.5.5.36, from 4.6.0.1 before 4.6.0.67.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Phoenix | SecureCore Technology 4 |
Version: 4.0.1.0 < 4.0.1.1018 Version: 4.1.0.1 < 4.1.0.573 Version: 4.2.0.1 < 4.2.0.338 Version: 4.2.1.1 < 4.2.1.300 Version: 4.3.0.1 < 4.3.0.244 Version: 4.3.1.1 < 4.3.1.187 Version: 4.4.0.1 < 4.4.0.299 Version: 4.5.0.1 < 4.5.0.231 Version: 4.5.1.1 < 4.5.1.103 Version: 4.5.5.1 < 4.5.5.36 Version: 4.6.0.1 < 4.6.0.67 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12533",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T15:15:02.413134Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T15:15:09.100Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SecureCore Technology 4",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.0.1.1018",
"status": "affected",
"version": "4.0.1.0",
"versionType": "custom"
},
{
"lessThan": "4.1.0.573",
"status": "affected",
"version": "4.1.0.1",
"versionType": "custom"
},
{
"lessThan": "4.2.0.338",
"status": "affected",
"version": "4.2.0.1",
"versionType": "custom"
},
{
"lessThan": "4.2.1.300",
"status": "affected",
"version": "4.2.1.1",
"versionType": "custom"
},
{
"lessThan": "4.3.0.244",
"status": "affected",
"version": "4.3.0.1",
"versionType": "custom"
},
{
"lessThan": "4.3.1.187",
"status": "affected",
"version": "4.3.1.1",
"versionType": "custom"
},
{
"lessThan": "4.4.0.299",
"status": "affected",
"version": "4.4.0.1",
"versionType": "custom"
},
{
"lessThan": "4.5.0.231",
"status": "affected",
"version": "4.5.0.1",
"versionType": "custom"
},
{
"lessThan": "4.5.1.103",
"status": "affected",
"version": "4.5.1.1",
"versionType": "custom"
},
{
"lessThan": "4.5.5.36",
"status": "affected",
"version": "4.5.5.1",
"versionType": "custom"
},
{
"lessThan": "4.6.0.67",
"status": "affected",
"version": "4.6.0.1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore Technology 4 allows Input Data Manipulation.\u003cp\u003eThis issue affects SecureCore Technology 4: from 4.0.1.0 before 4.0.1.1018, from 4.1.0.1 before 4.1.0.573, from 4.2.0.1 before 4.2.0.338, from 4.2.1.1 before 4.2.1.300, from 4.3.0.1 before 4.3.0.244, from 4.3.1.1 before 4.3.1.187, from 4.4.0.1 before 4.4.0.299, from 4.5.0.1 before 4.5.0.231, from 4.5.1.1 before 4.5.1.103, from 4.5.5.1 before 4.5.5.36, from 4.6.0.1 before 4.6.0.67.\u003c/p\u003e"
}
],
"value": "Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore Technology 4 allows Input Data Manipulation.This issue affects SecureCore Technology 4: from 4.0.1.0 before 4.0.1.1018, from 4.1.0.1 before 4.1.0.573, from 4.2.0.1 before 4.2.0.338, from 4.2.1.1 before 4.2.1.300, from 4.3.0.1 before 4.3.0.244, from 4.3.1.1 before 4.3.1.187, from 4.4.0.1 before 4.4.0.299, from 4.5.0.1 before 4.5.0.231, from 4.5.1.1 before 4.5.1.103, from 4.5.5.1 before 4.5.5.36, from 4.6.0.1 before 4.6.0.67."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T20:55:52.706Z",
"orgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"shortName": "Phoenix"
},
"references": [
{
"url": "https://phoenixtech.com/phoenix-security-notifications/cve-2024-12533/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"assignerShortName": "Phoenix",
"cveId": "CVE-2024-12533",
"datePublished": "2025-05-13T14:56:41.235Z",
"dateReserved": "2024-12-11T17:37:28.103Z",
"dateUpdated": "2025-07-28T20:55:52.706Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29980 (GCVE-0-2024-29980)
Vulnerability from cvelistv5
Published
2025-01-14 16:00
Modified
2025-07-28 20:54
Severity ?
4.6 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
2.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
2.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
VLAI Severity ?
EPSS score ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Summary
Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore™ for Intel Kaby Lake, Phoenix SecureCore™ for Intel Coffee Lake, Phoenix SecureCore™ for Intel Comet Lake, Phoenix SecureCore™ for Intel Ice Lake allows Input Data Manipulation.This issue affects SecureCore™ for Intel Kaby Lake: before 4.0.1.1012; SecureCore™ for Intel Coffee Lake: before 4.1.0.568; SecureCore™ for Intel Comet Lake: before 4.2.1.292; SecureCore™ for Intel Ice Lake: before 4.2.0.334.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Phoenix | SecureCore™ for Intel Kaby Lake |
Version: 0 < 4.0.1.1012 |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29980",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T16:41:13.527370Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T16:41:16.295Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SecureCore\u2122 for Intel Kaby Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.0.1.1012",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "SecureCore\u2122 for Intel Coffee Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.1.0.568",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "SecureCore\u2122 for Intel Comet Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.2.1.292",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "SecureCore\u2122 for Intel Ice Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.2.0.334",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore\u2122 for Intel Kaby Lake, Phoenix SecureCore\u2122 for Intel Coffee Lake, Phoenix SecureCore\u2122 for Intel Comet Lake, Phoenix SecureCore\u2122 for Intel Ice Lake allows Input Data Manipulation.\u003cp\u003eThis issue affects SecureCore\u2122 for Intel Kaby Lake: before 4.0.1.1012; SecureCore\u2122 for Intel Coffee Lake: before 4.1.0.568; SecureCore\u2122 for Intel Comet Lake: before 4.2.1.292; SecureCore\u2122 for Intel Ice Lake: before 4.2.0.334.\u003c/p\u003e"
}
],
"value": "Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore\u2122 for Intel Kaby Lake, Phoenix SecureCore\u2122 for Intel Coffee Lake, Phoenix SecureCore\u2122 for Intel Comet Lake, Phoenix SecureCore\u2122 for Intel Ice Lake allows Input Data Manipulation.This issue affects SecureCore\u2122 for Intel Kaby Lake: before 4.0.1.1012; SecureCore\u2122 for Intel Coffee Lake: before 4.1.0.568; SecureCore\u2122 for Intel Comet Lake: before 4.2.1.292; SecureCore\u2122 for Intel Ice Lake: before 4.2.0.334."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T20:54:33.057Z",
"orgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"shortName": "Phoenix"
},
"references": [
{
"url": "https://phoenixtech.com/phoenix-security-notifications/cve-2024-29980/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Unsafe Handling of IHV UEFI Variables",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"assignerShortName": "Phoenix",
"cveId": "CVE-2024-29980",
"datePublished": "2025-01-14T16:00:15.300Z",
"dateReserved": "2024-03-22T21:30:22.857Z",
"dateUpdated": "2025-07-28T20:54:33.057Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-29979 (GCVE-0-2024-29979)
Vulnerability from cvelistv5
Published
2025-01-14 16:00
Modified
2025-07-28 20:55
Severity ?
4.6 (Medium) - CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L
2.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
2.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
VLAI Severity ?
EPSS score ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Summary
Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore™ for Intel Kaby Lake, Phoenix SecureCore™ for Intel Coffee Lake, Phoenix SecureCore™ for Intel Comet Lake, Phoenix SecureCore™ for Intel Ice Lake allows Input Data Manipulation.This issue affects SecureCore™ for Intel Kaby Lake: before 4.0.1.1012; SecureCore™ for Intel Coffee Lake: before 4.1.0.568; SecureCore™ for Intel Comet Lake: before 4.2.1.292; SecureCore™ for Intel Ice Lake: before 4.2.0.334.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Phoenix | SecureCore™ for Intel Kaby Lake |
Version: 0 < 4.0.1.1012 |
|||||||||||||||||
|
|||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-29979",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-14T16:41:31.630839Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T16:41:44.962Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SecureCore\u2122 for Intel Kaby Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.0.1.1012",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "SecureCore\u2122 for Intel Coffee Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.1.0.568",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "SecureCore\u2122 for Intel Comet Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.2.1.292",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "affected",
"product": "SecureCore\u2122 for Intel Ice Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.2.0.334",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore\u2122 for Intel Kaby Lake, Phoenix SecureCore\u2122 for Intel Coffee Lake, Phoenix SecureCore\u2122 for Intel Comet Lake, Phoenix SecureCore\u2122 for Intel Ice Lake allows Input Data Manipulation.\u003cp\u003eThis issue affects SecureCore\u2122 for Intel Kaby Lake: before 4.0.1.1012; SecureCore\u2122 for Intel Coffee Lake: before 4.1.0.568; SecureCore\u2122 for Intel Comet Lake: before 4.2.1.292; SecureCore\u2122 for Intel Ice Lake: before 4.2.0.334.\u003c/p\u003e"
}
],
"value": "Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore\u2122 for Intel Kaby Lake, Phoenix SecureCore\u2122 for Intel Coffee Lake, Phoenix SecureCore\u2122 for Intel Comet Lake, Phoenix SecureCore\u2122 for Intel Ice Lake allows Input Data Manipulation.This issue affects SecureCore\u2122 for Intel Kaby Lake: before 4.0.1.1012; SecureCore\u2122 for Intel Coffee Lake: before 4.1.0.568; SecureCore\u2122 for Intel Comet Lake: before 4.2.1.292; SecureCore\u2122 for Intel Ice Lake: before 4.2.0.334."
}
],
"impacts": [
{
"capecId": "CAPEC-153",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-153 Input Data Manipulation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T20:55:13.618Z",
"orgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"shortName": "Phoenix"
},
"references": [
{
"url": "https://phoenixtech.com/phoenix-security-notifications/cve-2024-29979/"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Unsafe Handling of Phoenix UEFI Variables",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"assignerShortName": "Phoenix",
"cveId": "CVE-2024-29979",
"datePublished": "2025-01-14T16:00:15.221Z",
"dateReserved": "2024-03-22T21:30:22.857Z",
"dateUpdated": "2025-07-28T20:55:13.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-1598 (GCVE-0-2024-1598)
Vulnerability from cvelistv5
Published
2024-05-14 14:56
Modified
2025-07-28 20:53
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Potential buffer overflow
in unsafe UEFI variable handling
in Phoenix SecureCore™ for Intel Gemini Lake.This issue affects:
SecureCore™ for Intel Gemini Lake: from 4.1.0.1 before 4.1.0.567.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Phoenix | SecureCore™ for Intel Gemini Lake |
Version: 4.1.0.1 < 4.1.0.567 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "securecore_technology",
"vendor": "phoenix",
"versions": [
{
"lessThan": "4.1.0.567",
"status": "affected",
"version": "4.1.0.1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-1598",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T15:33:23.578704Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T18:01:14.870Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:48:21.686Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.phoenix.com/security-notifications/cve-2024-1598/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SecureCore\u2122 for Intel Gemini Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.1.0.567",
"status": "affected",
"version": "4.1.0.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Zichuan Li from Indiana University Bloomington"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Potential buffer overflow \nin unsafe UEFI variable handling \n\nin Phoenix SecureCore\u2122 for Intel Gemini Lake.\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eSecureCore\u2122 for Intel Gemini Lake: from 4.1.0.1 before 4.1.0.567.\u003c/p\u003e"
}
],
"value": "Potential buffer overflow \nin unsafe UEFI variable handling \n\nin Phoenix SecureCore\u2122 for Intel Gemini Lake.This issue affects:\n\nSecureCore\u2122 for Intel Gemini Lake: from 4.1.0.1 before 4.1.0.567."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T20:53:48.128Z",
"orgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"shortName": "Phoenix"
},
"references": [
{
"url": "https://phoenixtech.com/phoenix-security-notifications/cve-2024-1598/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential buffer overflow when handling UEFI variables",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"assignerShortName": "Phoenix",
"cveId": "CVE-2024-1598",
"datePublished": "2024-05-14T14:56:38.995Z",
"dateReserved": "2024-02-16T22:57:32.402Z",
"dateUpdated": "2025-07-28T20:53:48.128Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-0762 (GCVE-0-2024-0762)
Vulnerability from cvelistv5
Published
2024-05-14 14:56
Modified
2025-07-28 20:53
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Potential buffer overflow
in unsafe UEFI variable handling
in Phoenix SecureCore™ for select Intel platforms
This issue affects:
Phoenix
SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998;
Phoenix
SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562;
Phoenix
SecureCore™ for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323;
Phoenix
SecureCore™ for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287;
Phoenix
SecureCore™ for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236;
Phoenix
SecureCore™ for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184;
Phoenix
SecureCore™ for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269;
Phoenix
SecureCore™ for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218;
Phoenix
SecureCore™ for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Phoenix | SecureCore™ for Intel Kaby Lake |
Version: 4.0.1.1 < 4.0.1.998 |
||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.0.1.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "securecore_technology",
"vendor": "phoenix",
"versions": [
{
"lessThan": "4.0.1.998",
"status": "affected",
"version": "4.0.1.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.1.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "securecore_technology",
"vendor": "phoenix",
"versions": [
{
"lessThan": "4.1.0.562",
"status": "affected",
"version": "4.1.0.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.2.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "securecore_technology",
"vendor": "phoenix",
"versions": [
{
"lessThan": "4.2.0.323",
"status": "affected",
"version": "4.2.0.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.2.1.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "securecore_technology",
"vendor": "phoenix",
"versions": [
{
"lessThan": "4.2.1.287",
"status": "affected",
"version": "4.2.1.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.3.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "securecore_technology",
"vendor": "phoenix",
"versions": [
{
"lessThan": "4.3.0.236",
"status": "affected",
"version": "4.3.0.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.3.1.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "securecore_technology",
"vendor": "phoenix",
"versions": [
{
"lessThan": "4.3.1.184",
"status": "affected",
"version": "4.3.1.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.4.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "securecore_technology",
"vendor": "phoenix",
"versions": [
{
"lessThan": "4.4.0.269",
"status": "affected",
"version": "4.4.0.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.5.0.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "securecore_technology",
"vendor": "phoenix",
"versions": [
{
"lessThan": "4.5.0.218",
"status": "affected",
"version": "4.5.0.1",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.5.1.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "securecore_technology",
"vendor": "phoenix",
"versions": [
{
"lessThan": "4.5.1.15",
"status": "affected",
"version": "4.5.1.1",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-0762",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T15:18:12.193624Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T13:37:52.909Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:18:17.893Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.phoenix.com/security-notifications/cve-2024-0762/"
},
{
"tags": [
"x_transferred"
],
"url": "https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=40747852"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SecureCore\u2122 for Intel Kaby Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.0.1.998",
"status": "affected",
"version": "4.0.1.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SecureCore\u2122 for Intel Coffee Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.1.0.562",
"status": "affected",
"version": "4.1.0.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SecureCore\u2122 for Intel Ice Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.2.0.323",
"status": "affected",
"version": "4.2.0.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SecureCore\u2122 for Intel Comet Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.2.1.287",
"status": "affected",
"version": "4.2.1.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SecureCore\u2122 for Intel Tiger Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.3.0.236",
"status": "affected",
"version": "4.3.0.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SecureCore\u2122 for Intel Jasper Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.3.1.184",
"status": "affected",
"version": "4.3.1.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SecureCore\u2122 for Intel Alder Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.4.0.269",
"status": "affected",
"version": "4.4.0.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SecureCore\u2122 for Intel Raptor Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.5.0.218",
"status": "affected",
"version": "4.5.0.1",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "SecureCore\u2122 for Intel Meteor Lake",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.5.1.15",
"status": "affected",
"version": "4.5.1.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Oren Isacson from Eclypsium"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\nPotential buffer overflow \nin unsafe UEFI variable handling \n\nin Phoenix SecureCore\u2122 for select Intel platforms\u003c/div\u003e\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003e\nPhoenix \n\nSecureCore\u2122 for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998;\u003c/p\u003e\u003cp\u003e\nPhoenix \n\nSecureCore\u2122 for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562;\u003c/p\u003e\u003cp\u003e\nPhoenix \n\nSecureCore\u2122 for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323;\u003c/p\u003e\u003cp\u003e\nPhoenix \n\nSecureCore\u2122 for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287;\u003c/p\u003e\u003cp\u003e\nPhoenix \n\nSecureCore\u2122 for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236;\u003c/p\u003e\u003cp\u003e\nPhoenix \n\nSecureCore\u2122 for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184;\u003c/p\u003e\u003cp\u003e\nPhoenix \n\nSecureCore\u2122 for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269;\u003c/p\u003e\u003cp\u003e\nPhoenix \n\nSecureCore\u2122 for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218;\u003c/p\u003e\u003cp\u003e\nPhoenix \n\nSecureCore\u2122 for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15.\u003c/p\u003e"
}
],
"value": "Potential buffer overflow \nin unsafe UEFI variable handling \n\nin Phoenix SecureCore\u2122 for select Intel platforms\n\n\nThis issue affects:\n\n\nPhoenix \n\nSecureCore\u2122 for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998;\n\n\nPhoenix \n\nSecureCore\u2122 for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562;\n\n\nPhoenix \n\nSecureCore\u2122 for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323;\n\n\nPhoenix \n\nSecureCore\u2122 for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287;\n\n\nPhoenix \n\nSecureCore\u2122 for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236;\n\n\nPhoenix \n\nSecureCore\u2122 for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184;\n\n\nPhoenix \n\nSecureCore\u2122 for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269;\n\n\nPhoenix \n\nSecureCore\u2122 for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218;\n\n\nPhoenix \n\nSecureCore\u2122 for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T20:53:10.827Z",
"orgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"shortName": "Phoenix"
},
"references": [
{
"url": "https://phoenixtech.com/phoenix-security-notifications/CVE-2024-0762/"
},
{
"url": "https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/"
},
{
"url": "https://news.ycombinator.com/item?id=40747852"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Potential buffer overflow when handling UEFI variables",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"assignerShortName": "Phoenix",
"cveId": "CVE-2024-0762",
"datePublished": "2024-05-14T14:56:25.578Z",
"dateReserved": "2024-01-19T20:40:59.164Z",
"dateUpdated": "2025-07-28T20:53:10.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-35841 (GCVE-0-2023-35841)
Vulnerability from cvelistv5
Published
2024-05-14 14:56
Modified
2025-07-28 20:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Driver on Windows allows Privilege Escalation which allows for modification of system firmware.This issue affects WinFlash Driver: before 4.5.0.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Phoenix | WinFlash Driver |
Version: 0 ≤ |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:phoenix:winflash_driver:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "winflash_driver",
"vendor": "phoenix",
"versions": [
{
"lessThan": "4.5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-35841",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-14T18:32:21.876164Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:18:27.432Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:30:45.376Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.phoenix.com/security-notifications/cve-2023-35841/"
},
{
"tags": [
"x_transferred"
],
"url": "https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU93886750/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows"
],
"product": "WinFlash Driver",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.5.0.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Takahiro Haruyama of Broadcom"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Driver on Windows allows Privilege Escalation which allows for modification of system firmware.\u003cp\u003eThis issue affects WinFlash Driver: before 4.5.0.0.\u003c/p\u003e"
}
],
"value": "Exposed IOCTL with Insufficient Access Control in Phoenix WinFlash Driver on Windows allows Privilege Escalation which allows for modification of system firmware.This issue affects WinFlash Driver: before 4.5.0.0."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-782",
"description": "CWE-782 Exposed IOCTL with Insufficient Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T20:49:33.663Z",
"orgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"shortName": "Phoenix"
},
"references": [
{
"url": "https://phoenixtech.com/phoenix-security-notifications/cve-2023-35841/"
},
{
"url": "https://blogs.vmware.com/security/2023/10/hunting-vulnerable-kernel-drivers.html"
},
{
"url": "https://jvn.jp/en/vu/JVNVU93886750/index.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "WinFlash Driver Permissions Issue",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"assignerShortName": "Phoenix",
"cveId": "CVE-2023-35841",
"datePublished": "2024-05-14T14:56:14.743Z",
"dateReserved": "2023-06-19T00:35:50.974Z",
"dateUpdated": "2025-07-28T20:49:33.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-5058 (GCVE-0-2023-5058)
Vulnerability from cvelistv5
Published
2023-12-07 22:29
Modified
2025-07-28 20:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-20 - Improper Input Validation
Summary
Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code execution.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Phoenix | SecureCore™ Technology™ 4 |
Version: 4.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:44:53.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.phoenix.com/security-notifications/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.phoenix.com/security-notifications/cve-2023-5058/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/811862"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "SecureCore\u2122 Technology\u2122 4",
"vendor": "Phoenix",
"versions": [
{
"status": "affected",
"version": "4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore\u2122 Technology\u2122 4 potentially allows denial-of-service attacks or arbitrary code execution."
}
],
"value": "Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore\u2122 Technology\u2122 4 potentially allows denial-of-service attacks or arbitrary code execution."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T20:50:19.406Z",
"orgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"shortName": "Phoenix"
},
"references": [
{
"url": "https://phoenixtech.com/phoenix-security-notifications/cve-2023-5058/"
},
{
"url": "https://www.kb.cert.org/vuls/id/811862"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"assignerShortName": "Phoenix",
"cveId": "CVE-2023-5058",
"datePublished": "2023-12-07T22:29:05.717Z",
"dateReserved": "2023-09-18T21:36:23.632Z",
"dateUpdated": "2025-07-28T20:50:19.406Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-31100 (GCVE-0-2023-31100)
Vulnerability from cvelistv5
Published
2023-11-14 23:17
Modified
2025-07-28 20:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control in SMI handler
Summary
Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification.
This issue affects SecureCore™ Technology™ 4:
* from 4.3.0.0 before 4.3.0.203
*
from
4.3.1.0 before 4.3.1.163
*
from
4.4.0.0 before 4.4.0.217
*
from
4.5.0.0 before 4.5.0.138
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Phoenix | SecureCore™ Technology™ 4 |
Version: 4.3.0.0 < 4.3.0.203 Version: 4.3.1.0 < 4.3.1.163 Version: 4.4.0.0 < 4.4.0.217 Version: 4.5.0.0 < 4.5.0.138 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:45:25.673Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.phoenix.com/security-notifications/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-31100",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-02T19:42:57.173898Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-02T19:43:07.596Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "SecureCore\u2122 Technology\u2122 4",
"vendor": "Phoenix",
"versions": [
{
"lessThan": "4.3.0.203",
"status": "affected",
"version": "4.3.0.0",
"versionType": "custom"
},
{
"lessThan": "4.3.1.163",
"status": "affected",
"version": "4.3.1.0",
"versionType": "custom"
},
{
"lessThan": "4.4.0.217",
"status": "affected",
"version": "4.4.0.0",
"versionType": "custom"
},
{
"lessThan": "4.5.0.138",
"status": "affected",
"version": "4.5.0.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2023-11-14T21:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Access Control in SMI handler vulnerability in Phoenix SecureCore\u2122 Technology\u2122 4 allows SPI flash modification.\u003cbr\u003e\u003cp\u003eThis issue affects SecureCore\u2122 Technology\u2122 4:\u003cbr\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003efrom 4.3.0.0 before 4.3.0.203\u003c/li\u003e\u003cli\u003e\n\nfrom \n\n4.3.1.0 before 4.3.1.163\u003c/li\u003e\u003cli\u003e\n\nfrom \n\n4.4.0.0 before 4.4.0.217\u003c/li\u003e\u003cli\u003e\n\nfrom \n\n4.5.0.0 before 4.5.0.138\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "Improper Access Control in SMI handler vulnerability in Phoenix SecureCore\u2122 Technology\u2122 4 allows SPI flash modification.\nThis issue affects SecureCore\u2122 Technology\u2122 4:\n\n\n * from 4.3.0.0 before 4.3.0.203\n * \n\nfrom \n\n4.3.1.0 before 4.3.1.163\n * \n\nfrom \n\n4.4.0.0 before 4.4.0.217\n * \n\nfrom \n\n4.5.0.0 before 4.5.0.138"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control in SMI handler",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-28T20:48:38.895Z",
"orgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"shortName": "Phoenix"
},
"references": [
{
"url": "https://phoenixtech.com/phoenix-security-notifications/cve-2023-31100/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
"assignerShortName": "Phoenix",
"cveId": "CVE-2023-31100",
"datePublished": "2023-11-14T23:17:07.869Z",
"dateReserved": "2023-04-24T06:17:27.488Z",
"dateUpdated": "2025-07-28T20:48:38.895Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}