← Retour aux CVEs

CVE-2019-18279

HIGH

8.8

Description

In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. Adverse impacts are limited to the Windows environment and there is no known direct impact to the UEFI firmware. This was fixed in late June 2019.

Details CVE

Score CVSS v3.18.8

SeveriteHIGH

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurREQUIRED

Publie11/13/2019

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

phoenix:securecore_technology

References

https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/(cve@mitre.org)

https://eclypsium.com/wp-content/uploads/2019/08/EXTERNAL-Get-off-the-kernel-if-you-cant-drive-DEFCON27.pdf(cve@mitre.org)

https://www.phoenix.com/content/uploads/Security-Newsletter-September-2019.pdf(cve@mitre.org)

https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/(af854a3a-2127-422b-91ae-364da2661108)

https://eclypsium.com/wp-content/uploads/2019/08/EXTERNAL-Get-off-the-kernel-if-you-cant-drive-DEFCON27.pdf(af854a3a-2127-422b-91ae-364da2661108)

https://www.phoenix.com/content/uploads/Security-Newsletter-September-2019.pdf(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.