CVE-2019-18279

EPSS 0.59%
Veröffentlicht 13.11.2019 18:15:11
Zuletzt bearbeitet 21.11.2024 04:32:57
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. Adverse impacts are limited to the Windows environment and there is no known direct impact to the UEFI firmware. This was fixed in late June 2019.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 0 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Phoenix ≫ Securecore Technology Version >= 1.1.12.0 <= 1.5.74.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.59%	0.684

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/

Third Party Advisory

https://eclypsium.com/wp-content/uploads/2019/08/EXTERNAL-Get-off-the-kernel-if-you-cant-drive-DEFCON27.pdf

Third Party Advisory

https://www.phoenix.com/content/uploads/Security-Newsletter-September-2019.pdf

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2019-18279

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-18279

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-18279

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2019-18279