Lucene search

PhoenixCVELIST:CVE-2023-31100

HistoryNov 14, 2023 - 11:17 p.m.

CVE-2023-31100

2023-11-1423:17:07

CWE-284

Phoenix

www.cve.org

access control

smi handler

phoenix securecore™ technology™ 4

spi flash modification

vulnerability

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

Percentile

9.0%

JSON

Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification.
This issue affects SecureCore™ Technology™ 4:

from 4.3.0.0 before 4.3.0.203

from

4.3.1.0 before 4.3.1.163
*

from

4.4.0.0 before 4.4.0.217
*

from

4.5.0.0 before 4.5.0.138

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SecureCore™ Technology™ 4",
    "vendor": "Phoenix",
    "versions": [
      {
        "lessThan": "4.3.0.203",
        "status": "affected",
        "version": "4.3.0.0",
        "versionType": "custom"
      },
      {
        "lessThan": "4.3.1.163",
        "status": "affected",
        "version": "4.3.1.0",
        "versionType": "custom"
      },
      {
        "lessThan": "4.4.0.217",
        "status": "affected",
        "version": "4.4.0.0",
        "versionType": "custom"
      },
      {
        "lessThan": "4.5.0.138",
        "status": "affected",
        "version": "4.5.0.0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.phoenix.com/security-notifications/

CVSS3

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2023-31100