Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for securecore_technology by phoenix
CVE-2019-18279 (GCVE-0-2019-18279)
Vulnerability from nvd – Published: 2019-11-13 17:34 – Updated: 2024-10-15 18:36
VLAI?
Summary
In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. Adverse impacts are limited to the Windows environment and there is no known direct impact to the UEFI firmware. This was fixed in late June 2019.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:14.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://eclypsium.com/wp-content/uploads/2019/08/EXTERNAL-Get-off-the-kernel-if-you-cant-drive-DEFCON27.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.phoenix.com/content/uploads/Security-Newsletter-September-2019.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-18279",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:16:13.854877Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T18:36:12.812Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. Adverse impacts are limited to the Windows environment and there is no known direct impact to the UEFI firmware. This was fixed in late June 2019."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-13T17:38:39.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://eclypsium.com/wp-content/uploads/2019/08/EXTERNAL-Get-off-the-kernel-if-you-cant-drive-DEFCON27.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.phoenix.com/content/uploads/Security-Newsletter-September-2019.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. Adverse impacts are limited to the Windows environment and there is no known direct impact to the UEFI firmware. This was fixed in late June 2019."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/",
"refsource": "MISC",
"url": "https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/"
},
{
"name": "https://eclypsium.com/wp-content/uploads/2019/08/EXTERNAL-Get-off-the-kernel-if-you-cant-drive-DEFCON27.pdf",
"refsource": "MISC",
"url": "https://eclypsium.com/wp-content/uploads/2019/08/EXTERNAL-Get-off-the-kernel-if-you-cant-drive-DEFCON27.pdf"
},
{
"name": "https://www.phoenix.com/content/uploads/Security-Newsletter-September-2019.pdf",
"refsource": "CONFIRM",
"url": "https://www.phoenix.com/content/uploads/Security-Newsletter-September-2019.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18279",
"datePublished": "2019-11-13T17:34:20.000Z",
"dateReserved": "2019-10-23T00:00:00.000Z",
"dateUpdated": "2024-10-15T18:36:12.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18279 (GCVE-0-2019-18279)
Vulnerability from cvelistv5 – Published: 2019-11-13 17:34 – Updated: 2024-10-15 18:36
VLAI?
Summary
In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. Adverse impacts are limited to the Windows environment and there is no known direct impact to the UEFI firmware. This was fixed in late June 2019.
Severity ?
8.8 (High)
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:47:14.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://eclypsium.com/wp-content/uploads/2019/08/EXTERNAL-Get-off-the-kernel-if-you-cant-drive-DEFCON27.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.phoenix.com/content/uploads/Security-Newsletter-September-2019.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-18279",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-15T17:16:13.854877Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T18:36:12.812Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. Adverse impacts are limited to the Windows environment and there is no known direct impact to the UEFI firmware. This was fixed in late June 2019."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-13T17:38:39.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://eclypsium.com/wp-content/uploads/2019/08/EXTERNAL-Get-off-the-kernel-if-you-cant-drive-DEFCON27.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.phoenix.com/content/uploads/Security-Newsletter-September-2019.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. Adverse impacts are limited to the Windows environment and there is no known direct impact to the UEFI firmware. This was fixed in late June 2019."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/",
"refsource": "MISC",
"url": "https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/"
},
{
"name": "https://eclypsium.com/wp-content/uploads/2019/08/EXTERNAL-Get-off-the-kernel-if-you-cant-drive-DEFCON27.pdf",
"refsource": "MISC",
"url": "https://eclypsium.com/wp-content/uploads/2019/08/EXTERNAL-Get-off-the-kernel-if-you-cant-drive-DEFCON27.pdf"
},
{
"name": "https://www.phoenix.com/content/uploads/Security-Newsletter-September-2019.pdf",
"refsource": "CONFIRM",
"url": "https://www.phoenix.com/content/uploads/Security-Newsletter-September-2019.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18279",
"datePublished": "2019-11-13T17:34:20.000Z",
"dateReserved": "2019-10-23T00:00:00.000Z",
"dateUpdated": "2024-10-15T18:36:12.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}