CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
15.6%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
Potential buffer overflow
in unsafe UEFI variable handling
in Phoenix SecureCore™ for select Intel platforms
This issue affects:
Phoenix
SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998;
Phoenix
SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562;
Phoenix
SecureCore™ for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323;
Phoenix
SecureCore™ for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287;
Phoenix
SecureCore™ for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236;
Phoenix
SecureCore™ for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184;
Phoenix
SecureCore™ for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269;
Phoenix
SecureCore™ for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218;
Phoenix
SecureCore™ for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15.
[
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.0.1.1:*:*:*:*:*:*:*"
],
"vendor": "phoenix",
"product": "securecore_technology",
"versions": [
{
"status": "affected",
"version": "4.0.1.1",
"lessThan": "4.0.1.998",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.1.0.1:*:*:*:*:*:*:*"
],
"vendor": "phoenix",
"product": "securecore_technology",
"versions": [
{
"status": "affected",
"version": "4.1.0.1",
"lessThan": "4.1.0.562",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.2.0.1:*:*:*:*:*:*:*"
],
"vendor": "phoenix",
"product": "securecore_technology",
"versions": [
{
"status": "affected",
"version": "4.2.0.1",
"lessThan": "4.2.0.323",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.2.1.1:*:*:*:*:*:*:*"
],
"vendor": "phoenix",
"product": "securecore_technology",
"versions": [
{
"status": "affected",
"version": "4.2.1.1",
"lessThan": "4.2.1.287",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.3.0.1:*:*:*:*:*:*:*"
],
"vendor": "phoenix",
"product": "securecore_technology",
"versions": [
{
"status": "affected",
"version": "4.3.0.1",
"lessThan": "4.3.0.236",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.3.1.1:*:*:*:*:*:*:*"
],
"vendor": "phoenix",
"product": "securecore_technology",
"versions": [
{
"status": "affected",
"version": "4.3.1.1",
"lessThan": "4.3.1.184",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.4.0.1:*:*:*:*:*:*:*"
],
"vendor": "phoenix",
"product": "securecore_technology",
"versions": [
{
"status": "affected",
"version": "4.4.0.1",
"lessThan": "4.4.0.269",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.5.0.1:*:*:*:*:*:*:*"
],
"vendor": "phoenix",
"product": "securecore_technology",
"versions": [
{
"status": "affected",
"version": "4.5.0.1",
"lessThan": "4.5.0.218",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:phoenix:securecore_technology:4.5.1.1:*:*:*:*:*:*:*"
],
"vendor": "phoenix",
"product": "securecore_technology",
"versions": [
{
"status": "affected",
"version": "4.5.1.1",
"lessThan": "4.5.1.15",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
15.6%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total