Lucene search

22d9ba52-f336-4b0d-bf1f-0efbdcc3c1deNVD:CVE-2023-31100

HistoryNov 15, 2023 - 12:15 a.m.

CVE-2023-31100

2023-11-1500:15:07

CWE-284

22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de

web.nvd.nist.gov

improper access control

smi handler vulnerability

phoenix securecore™ technology™ 4

spi flash modification

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

0.0004 Low

EPSS

Percentile

9.1%

JSON

Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification.
This issue affects SecureCore™ Technology™ 4:

from 4.3.0.0 before 4.3.0.203

from

4.3.1.0 before 4.3.1.163
*

from

4.4.0.0 before 4.4.0.217
*

from

4.5.0.0 before 4.5.0.138

Affected configurations

NVD

Node

phoenixsecurecore_technologyRange4.3.0.0–4.3.0.203

phoenixsecurecore_technologyRange4.3.1.0–4.3.1.163

phoenixsecurecore_technologyRange4.4.0.0–4.4.0.217

phoenixsecurecore_technologyRange4.5.0.0–4.5.0.138

References

www.phoenix.com/security-notifications/

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for NVD:CVE-2023-31100