Vulnerability-Lookup

CVE-2023-5058 (GCVE-0-2023-5058)

Vulnerability from cvelistv5 – Published: 2023-12-07 22:29 – Updated: 2025-07-28 20:50

Summary

Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code execution.

Severity

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-20 - Improper Input Validation

Assigner

Phoenix

References

4 references

URL	Tags
https://phoenixtech.com/phoenix-security-notifica…
https://www.kb.cert.org/vuls/id/811862
https://www.phoenix.com/security-notifications/	x_transferred
https://www.phoenix.com/security-notifications/cv…	x_transferred

Impacted products

1 product

Vendor	Product	Version
Phoenix	SecureCore™ Technology™ 4	Affected: 4.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T07:44:53.613Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.phoenix.com/security-notifications/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.phoenix.com/security-notifications/cve-2023-5058/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/811862"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "SecureCore\u2122 Technology\u2122 4",
          "vendor": "Phoenix",
          "versions": [
            {
              "status": "affected",
              "version": "4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore\u2122 Technology\u2122 4 potentially allows denial-of-service attacks or arbitrary code execution."
            }
          ],
          "value": "Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore\u2122 Technology\u2122 4 potentially allows denial-of-service attacks or arbitrary code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-28T20:50:19.406Z",
        "orgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
        "shortName": "Phoenix"
      },
      "references": [
        {
          "url": "https://phoenixtech.com/phoenix-security-notifications/cve-2023-5058/"
        },
        {
          "url": "https://www.kb.cert.org/vuls/id/811862"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
    "assignerShortName": "Phoenix",
    "cveId": "CVE-2023-5058",
    "datePublished": "2023-12-07T22:29:05.717Z",
    "dateReserved": "2023-09-18T21:36:23.632Z",
    "dateUpdated": "2025-07-28T20:50:19.406Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-5058",
      "date": "2026-06-07",
      "epss": "0.00043",
      "percentile": "0.13725"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-5058\",\"sourceIdentifier\":\"22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de\",\"published\":\"2023-12-07T23:15:07.490\",\"lastModified\":\"2025-09-25T21:17:13.403\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore\u2122 Technology\u2122 4 potentially allows denial-of-service attacks or arbitrary code execution.\"},{\"lang\":\"es\",\"value\":\"La validaci\u00f3n de entrada inadecuada en el procesamiento de la pantalla de presentaci\u00f3n proporcionada por el usuario durante el inicio del sistema en Phoenix SecureCore\u2122 Technology\u2122 4 potencialmente permite ataques de denegaci\u00f3n de servicio o ejecuci\u00f3n de c\u00f3digo arbitrario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:phoenixtech:securecore_technology:4.*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFBB3510-AFF0-4C04-BB87-5ACD5E41B752\"}]}]}],\"references\":[{\"url\":\"https://phoenixtech.com/phoenix-security-notifications/cve-2023-5058/\",\"source\":\"22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/811862\",\"source\":\"22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/811862\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.phoenix.com/security-notifications/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]},{\"url\":\"https://www.phoenix.com/security-notifications/cve-2023-5058/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Not Applicable\"]}]}}"
  }
}

BDU:2023-08475

Vulnerability from fstec - Published: 28.11.2023

Title

Уязвимость программного средства настройки BIOS Phoenix SecureCore Technology, связанная с ошибками при обработке пользовательской заставки во время загрузки системы, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Description

Уязвимость программного средства настройки BIOS Phoenix SecureCore Technology связана с ошибками при обработке пользовательской заставки во время загрузки системы. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании или выполнить произвольный код

Severity


                    
                      AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vendor

Phoenix Technologies Inc.

Software Name

Phoenix SecureCore Technology 4

Software Version

до 1.0.5 (Phoenix SecureCore Technology 4)

Possible Mitigations

Обновление программного обеспечения до версии 1.0.5 и выше

Reference

https://www.darkreading.com/endpoint-security/critical-logofail-bugs-secure-boot-bypass-millions-pcs https://webcache.googleusercontent.com/

CWE

CWE-119

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Phoenix Technologies Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 1.0.5 (Phoenix SecureCore Technology 4)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 1.0.5 \u0438 \u0432\u044b\u0448\u0435",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "28.11.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "06.12.2023",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "06.12.2023",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2023-08475",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2023-5058",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Phoenix SecureCore Technology 4",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 BIOS Phoenix SecureCore Technology, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0439 \u0437\u0430\u0441\u0442\u0430\u0432\u043a\u0438 \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 BIOS Phoenix SecureCore Technology \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0438 \u043e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u043e\u0439 \u0437\u0430\u0441\u0442\u0430\u0432\u043a\u0438 \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.darkreading.com/endpoint-security/critical-logofail-bugs-secure-boot-bypass-millions-pcs\nhttps://webcache.googleusercontent.com/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,2)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,6)"
}

FKIE_CVE-2023-5058

Vulnerability from fkie_nvd - Published: 2023-12-07 23:15 - Updated: 2025-09-25 21:17

Severity

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de	https://phoenixtech.com/phoenix-security-notifications/cve-2023-5058/	Vendor Advisory
22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de	https://www.kb.cert.org/vuls/id/811862	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.kb.cert.org/vuls/id/811862	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.phoenix.com/security-notifications/	Not Applicable
af854a3a-2127-422b-91ae-364da2661108	https://www.phoenix.com/security-notifications/cve-2023-5058/	Not Applicable

Impacted products

	Vendor	Product	Version
	phoenixtech	securecore_technology	4.*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:phoenixtech:securecore_technology:4.*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFBB3510-AFF0-4C04-BB87-5ACD5E41B752",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore\u2122 Technology\u2122 4 potentially allows denial-of-service attacks or arbitrary code execution."
    },
    {
      "lang": "es",
      "value": "La validaci\u00f3n de entrada inadecuada en el procesamiento de la pantalla de presentaci\u00f3n proporcionada por el usuario durante el inicio del sistema en Phoenix SecureCore\u2122 Technology\u2122 4 potencialmente permite ataques de denegaci\u00f3n de servicio o ejecuci\u00f3n de c\u00f3digo arbitrario."
    }
  ],
  "id": "CVE-2023-5058",
  "lastModified": "2025-09-25T21:17:13.403",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-12-07T23:15:07.490",
  "references": [
    {
      "source": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://phoenixtech.com/phoenix-security-notifications/cve-2023-5058/"
    },
    {
      "source": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.kb.cert.org/vuls/id/811862"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.kb.cert.org/vuls/id/811862"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://www.phoenix.com/security-notifications/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://www.phoenix.com/security-notifications/cve-2023-5058/"
    }
  ],
  "sourceIdentifier": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-MPMX-6XXG-22W6

Vulnerability from github – Published: 2023-12-08 00:30 – Updated: 2025-07-28 21:31

Details

Severity

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2023-5058"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-07T23:15:07Z",
    "severity": "HIGH"
  },
  "details": "Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore\u2122 Technology\u2122 4 potentially allows denial-of-service attacks or arbitrary code execution.",
  "id": "GHSA-mpmx-6xxg-22w6",
  "modified": "2025-07-28T21:31:30Z",
  "published": "2023-12-08T00:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5058"
    },
    {
      "type": "WEB",
      "url": "https://phoenixtech.com/phoenix-security-notifications/cve-2023-5058"
    },
    {
      "type": "WEB",
      "url": "https://www.kb.cert.org/vuls/id/811862"
    },
    {
      "type": "WEB",
      "url": "https://www.phoenix.com/security-notifications"
    },
    {
      "type": "WEB",
      "url": "https://www.phoenix.com/security-notifications/cve-2023-5058"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2023-5058

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-5058

Aliases

CVE-2023-5058

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-5058",
    "id": "GSD-2023-5058"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-5058"
      ],
      "details": "Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore\u2122 Technology\u2122 4 potentially allows denial-of-service attacks or arbitrary code execution.",
      "id": "GSD-2023-5058",
      "modified": "2023-12-13T01:20:50.729015Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2023-5058",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SecureCore\u2122 Technology\u2122 4",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "not down converted",
                          "x_cve_json_5_version_data": {
                            "defaultStatus": "affected",
                            "versions": [
                              {
                                "status": "affected",
                                "version": "4.0"
                              }
                            ]
                          }
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Phoenix"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore\u2122 Technology\u2122 4 potentially allows denial-of-service attacks or arbitrary code execution."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-20",
                "lang": "eng",
                "value": "CWE-20 Improper Input Validation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.phoenix.com/security-notifications/",
            "refsource": "MISC",
            "url": "https://www.phoenix.com/security-notifications/"
          },
          {
            "name": "https://www.phoenix.com/security-notifications/cve-2023-5058/",
            "refsource": "MISC",
            "url": "https://www.phoenix.com/security-notifications/cve-2023-5058/"
          },
          {
            "name": "https://www.kb.cert.org/vuls/id/811862",
            "refsource": "MISC",
            "url": "https://www.kb.cert.org/vuls/id/811862"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:phoenix:securecore_technology:4.0:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D90CF945-7DC0-4E4A-9B87-FFC9B4C549C5",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore\u2122 Technology\u2122 4 potentially allows denial-of-service attacks or arbitrary code execution."
          },
          {
            "lang": "es",
            "value": "La validaci\u00f3n de entrada inadecuada en el procesamiento de la pantalla de presentaci\u00f3n proporcionada por el usuario durante el inicio del sistema en Phoenix SecureCore\u2122 Technology\u2122 4 potencialmente permite ataques de denegaci\u00f3n de servicio o ejecuci\u00f3n de c\u00f3digo arbitrario."
          }
        ],
        "id": "CVE-2023-5058",
        "lastModified": "2023-12-16T01:15:08.080",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2023-12-07T23:15:07.490",
        "references": [
          {
            "source": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
            "url": "https://www.kb.cert.org/vuls/id/811862"
          },
          {
            "source": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://www.phoenix.com/security-notifications/"
          },
          {
            "source": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
            "tags": [
              "Vendor Advisory"
            ],
            "url": "https://www.phoenix.com/security-notifications/cve-2023-5058/"
          }
        ],
        "sourceIdentifier": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "NVD-CWE-noinfo"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-20"
              }
            ],
            "source": "22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}

WID-SEC-W-2023-3068

Vulnerability from csaf_certbund - Published: 2023-12-06 23:00 - Updated: 2024-12-16 23:00

Summary

UEFI BIOS: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Das BIOS ist die Firmware bei IBM PC kompatiblen Computern. InsydeH2O UEFI BIOS ist eine proprietäre, lizenzierte UEFI-BIOS-Firmware, die Intel und AMD basierte Computer unterstützt.

Angriff: Ein lokaler Angreifer kann mehrere Schwachstellen im UEFI BIOS verschiedener Hersteller ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen oder einen Denial of Service Zustand herbeizuführen.

Betroffene Betriebssysteme: - BIOS/Firmware

CVE-2023-39538

Im UEFI BIOS verschiedener Hersteller existieren mehrere Schwachstellen, die als "LogoFail" bekannt sind. Diese sind auf Fehler bei der Verarbeitung von Logo-Dateien im Boot-Prozess zurückzuführen. Ein lokaler Angreifer mit erweiterten Privilegien kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen oder einen Denial of Service Zustand herbeizuführen.

Affected products

Known affected 8 products

Product	Identifier	Version
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
Insyde UEFI Firmware kernel 5.5 <Version 05.53.47 Insyde / UEFI Firmware		kernel 5.5 <Version 05.53.47
Insyde UEFI Firmware kernel 5.4 <Version 05.45.47 Insyde / UEFI Firmware		kernel 5.4 <Version 05.45.47
Insyde UEFI Firmware kernel 5.6 <Version 05.60.47 Insyde / UEFI Firmware		kernel 5.6 <Version 05.60.47
Dell PowerScale <12.4.1 Dell / PowerScale		<12.4.1
HP Computer HP	`cpe:/h:hp:computer:-`	—
Insyde UEFI Firmware kernel 5.3 <Version 05.37.47 Insyde / UEFI Firmware		kernel 5.3 <Version 05.37.47
Insyde UEFI Firmware kernel 5.2 <Version 05.28.47 Insyde / UEFI Firmware		kernel 5.2 <Version 05.28.47

CVE-2023-39539

Affected products

Known affected 8 products

Product	Identifier	Version
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
Insyde UEFI Firmware kernel 5.5 <Version 05.53.47 Insyde / UEFI Firmware		kernel 5.5 <Version 05.53.47
Insyde UEFI Firmware kernel 5.4 <Version 05.45.47 Insyde / UEFI Firmware		kernel 5.4 <Version 05.45.47
Insyde UEFI Firmware kernel 5.6 <Version 05.60.47 Insyde / UEFI Firmware		kernel 5.6 <Version 05.60.47
Dell PowerScale <12.4.1 Dell / PowerScale		<12.4.1
HP Computer HP	`cpe:/h:hp:computer:-`	—
Insyde UEFI Firmware kernel 5.3 <Version 05.37.47 Insyde / UEFI Firmware		kernel 5.3 <Version 05.37.47
Insyde UEFI Firmware kernel 5.2 <Version 05.28.47 Insyde / UEFI Firmware		kernel 5.2 <Version 05.28.47

CVE-2023-40238

Affected products

Known affected 8 products

Product	Identifier	Version
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
Insyde UEFI Firmware kernel 5.5 <Version 05.53.47 Insyde / UEFI Firmware		kernel 5.5 <Version 05.53.47
Insyde UEFI Firmware kernel 5.4 <Version 05.45.47 Insyde / UEFI Firmware		kernel 5.4 <Version 05.45.47
Insyde UEFI Firmware kernel 5.6 <Version 05.60.47 Insyde / UEFI Firmware		kernel 5.6 <Version 05.60.47
Dell PowerScale <12.4.1 Dell / PowerScale		<12.4.1
HP Computer HP	`cpe:/h:hp:computer:-`	—
Insyde UEFI Firmware kernel 5.3 <Version 05.37.47 Insyde / UEFI Firmware		kernel 5.3 <Version 05.37.47
Insyde UEFI Firmware kernel 5.2 <Version 05.28.47 Insyde / UEFI Firmware		kernel 5.2 <Version 05.28.47

CVE-2023-5058

Affected products

Known affected 8 products

Product	Identifier	Version
Lenovo BIOS Lenovo	`cpe:/h:lenovo:bios:-`	—
Insyde UEFI Firmware kernel 5.5 <Version 05.53.47 Insyde / UEFI Firmware		kernel 5.5 <Version 05.53.47
Insyde UEFI Firmware kernel 5.4 <Version 05.45.47 Insyde / UEFI Firmware		kernel 5.4 <Version 05.45.47
Insyde UEFI Firmware kernel 5.6 <Version 05.60.47 Insyde / UEFI Firmware		kernel 5.6 <Version 05.60.47
Dell PowerScale <12.4.1 Dell / PowerScale		<12.4.1
HP Computer HP	`cpe:/h:hp:computer:-`	—
Insyde UEFI Firmware kernel 5.3 <Version 05.37.47 Insyde / UEFI Firmware		kernel 5.3 <Version 05.37.47
Insyde UEFI Firmware kernel 5.2 <Version 05.28.47 Insyde / UEFI Firmware		kernel 5.2 <Version 05.28.47

References

10 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://binarly.io/posts/finding_logofail_the_dan…	external
https://www.kb.cert.org/vuls/id/811862	external
https://www.insyde.com/security-pledge/SA-2023053	external
https://support.lenovo.com/us/en/product_security…	external
https://github.com/advisories/GHSA-87fm-wcxm-mcmx	external
https://github.com/advisories/GHSA-xhch-7j88-pg68	external
https://support.hp.com/us-en/document/ish_1083251…	external
https://www.dell.com/support/kbdoc/de-de/00026079…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Das BIOS ist die Firmware bei IBM PC kompatiblen Computern.\r\nInsydeH2O UEFI BIOS ist eine propriet\u00e4re, lizenzierte UEFI-BIOS-Firmware, die Intel und AMD basierte Computer unterst\u00fctzt.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen im UEFI BIOS verschiedener Hersteller ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- BIOS/Firmware",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-3068 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-3068.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-3068 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-3068"
      },
      {
        "category": "external",
        "summary": "Binarly Research \"LogoFAIL\" vom 2023-12-06",
        "url": "https://binarly.io/posts/finding_logofail_the_dangers_of_image_parsing_during_system_boot/index.html"
      },
      {
        "category": "external",
        "summary": "CERT Coordination Center Vulnerability Note VU#811862 vom 2023-12-06",
        "url": "https://www.kb.cert.org/vuls/id/811862"
      },
      {
        "category": "external",
        "summary": "Insyde Security Advisory 2023053 vom 2023-12-06",
        "url": "https://www.insyde.com/security-pledge/SA-2023053"
      },
      {
        "category": "external",
        "summary": "Lenovo Security Advisory LEN-145284 vom 2023-12-06",
        "url": "https://support.lenovo.com/us/en/product_security/LEN-145284"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-87fm-wcxm-mcmx vom 2023-12-06",
        "url": "https://github.com/advisories/GHSA-87fm-wcxm-mcmx"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-xhch-7j88-pg68 vom 2023-12-06",
        "url": "https://github.com/advisories/GHSA-xhch-7j88-pg68"
      },
      {
        "category": "external",
        "summary": "HP Security Bulletin HPSBHF03950 vom 2024-06-07",
        "url": "https://support.hp.com/us-en/document/ish_10832513-10832541-16/HPSBHF03950"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-455 vom 2024-12-16",
        "url": "https://www.dell.com/support/kbdoc/de-de/000260794/dsa-2024-455-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities"
      }
    ],
    "source_lang": "en-US",
    "title": "UEFI BIOS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-12-16T23:00:00.000+00:00",
      "generator": {
        "date": "2024-12-17T09:15:56.679+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2023-3068",
      "initial_release_date": "2023-12-06T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-12-06T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-06-30T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von HP aufgenommen"
        },
        {
          "date": "2024-12-16T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Dell aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c12.4.1",
                "product": {
                  "name": "Dell PowerScale \u003c12.4.1",
                  "product_id": "T039868"
                }
              },
              {
                "category": "product_version",
                "name": "12.4.1",
                "product": {
                  "name": "Dell PowerScale 12.4.1",
                  "product_id": "T039868-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:powerscale_onefs:12.4.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "PowerScale"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HP Computer",
            "product": {
              "name": "HP Computer",
              "product_id": "T031292",
              "product_identification_helper": {
                "cpe": "cpe:/h:hp:computer:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "HP"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "kernel 5.2 \u003cVersion 05.28.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.2 \u003cVersion 05.28.47",
                  "product_id": "T031495"
                }
              },
              {
                "category": "product_version",
                "name": "kernel 5.2 Version 05.28.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.2 Version 05.28.47",
                  "product_id": "T031495-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:insyde:uefi:kernel_5.2_version_05.28.47"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "kernel 5.3 \u003cVersion 05.37.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.3 \u003cVersion 05.37.47",
                  "product_id": "T031496"
                }
              },
              {
                "category": "product_version",
                "name": "kernel 5.3 Version 05.37.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.3 Version 05.37.47",
                  "product_id": "T031496-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:insyde:uefi:kernel_5.3_version_05.37.47"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "kernel 5.4 \u003cVersion 05.45.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.4 \u003cVersion 05.45.47",
                  "product_id": "T031497"
                }
              },
              {
                "category": "product_version",
                "name": "kernel 5.4 Version 05.45.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.4 Version 05.45.47",
                  "product_id": "T031497-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:insyde:uefi:kernel_5.4_version_05.45.47"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "kernel 5.5 \u003cVersion 05.53.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.5 \u003cVersion 05.53.47",
                  "product_id": "T031498"
                }
              },
              {
                "category": "product_version",
                "name": "kernel 5.5 Version 05.53.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.5 Version 05.53.47",
                  "product_id": "T031498-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:insyde:uefi:kernel_5.5_version_05.53.47"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "kernel 5.6 \u003cVersion 05.60.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.6 \u003cVersion 05.60.47",
                  "product_id": "T031499"
                }
              },
              {
                "category": "product_version",
                "name": "kernel 5.6 Version 05.60.47",
                "product": {
                  "name": "Insyde UEFI Firmware kernel 5.6 Version 05.60.47",
                  "product_id": "T031499-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:insyde:uefi:kernel_5.6_version_05.60.47"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "UEFI Firmware"
          }
        ],
        "category": "vendor",
        "name": "Insyde"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Lenovo BIOS",
            "product": {
              "name": "Lenovo BIOS",
              "product_id": "T005651",
              "product_identification_helper": {
                "cpe": "cpe:/h:lenovo:bios:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Lenovo"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-39538",
      "notes": [
        {
          "category": "description",
          "text": "Im UEFI BIOS verschiedener Hersteller existieren mehrere Schwachstellen, die als \"LogoFail\" bekannt sind. Diese sind auf Fehler bei der Verarbeitung von Logo-Dateien im Boot-Prozess zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer mit erweiterten Privilegien kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T005651",
          "T031498",
          "T031497",
          "T031499",
          "T039868",
          "T031292",
          "T031496",
          "T031495"
        ]
      },
      "release_date": "2023-12-06T23:00:00.000+00:00",
      "title": "CVE-2023-39538"
    },
    {
      "cve": "CVE-2023-39539",
      "notes": [
        {
          "category": "description",
          "text": "Im UEFI BIOS verschiedener Hersteller existieren mehrere Schwachstellen, die als \"LogoFail\" bekannt sind. Diese sind auf Fehler bei der Verarbeitung von Logo-Dateien im Boot-Prozess zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer mit erweiterten Privilegien kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T005651",
          "T031498",
          "T031497",
          "T031499",
          "T039868",
          "T031292",
          "T031496",
          "T031495"
        ]
      },
      "release_date": "2023-12-06T23:00:00.000+00:00",
      "title": "CVE-2023-39539"
    },
    {
      "cve": "CVE-2023-40238",
      "notes": [
        {
          "category": "description",
          "text": "Im UEFI BIOS verschiedener Hersteller existieren mehrere Schwachstellen, die als \"LogoFail\" bekannt sind. Diese sind auf Fehler bei der Verarbeitung von Logo-Dateien im Boot-Prozess zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer mit erweiterten Privilegien kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T005651",
          "T031498",
          "T031497",
          "T031499",
          "T039868",
          "T031292",
          "T031496",
          "T031495"
        ]
      },
      "release_date": "2023-12-06T23:00:00.000+00:00",
      "title": "CVE-2023-40238"
    },
    {
      "cve": "CVE-2023-5058",
      "notes": [
        {
          "category": "description",
          "text": "Im UEFI BIOS verschiedener Hersteller existieren mehrere Schwachstellen, die als \"LogoFail\" bekannt sind. Diese sind auf Fehler bei der Verarbeitung von Logo-Dateien im Boot-Prozess zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer mit erweiterten Privilegien kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T005651",
          "T031498",
          "T031497",
          "T031499",
          "T039868",
          "T031292",
          "T031496",
          "T031495"
        ]
      },
      "release_date": "2023-12-06T23:00:00.000+00:00",
      "title": "CVE-2023-5058"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-5058 (GCVE-0-2023-5058)

BDU:2023-08475

FKIE_CVE-2023-5058

GHSA-MPMX-6XXG-22W6

GSD-2023-5058

WID-SEC-W-2023-3068

Tags

Sightings

Nomenclature