Vulnerabilities > CVE-2019-18279 - Unspecified vulnerability in Phoenix Securecore Technology 1.1.12.0/1.5.74.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. Adverse impacts are limited to the Windows environment and there is no known direct impact to the UEFI firmware. This was fixed in late June 2019.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 2 |
References
- https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/
- https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/
- https://eclypsium.com/wp-content/uploads/2019/08/EXTERNAL-Get-off-the-kernel-if-you-cant-drive-DEFCON27.pdf
- https://eclypsium.com/wp-content/uploads/2019/08/EXTERNAL-Get-off-the-kernel-if-you-cant-drive-DEFCON27.pdf
- https://www.phoenix.com/content/uploads/Security-Newsletter-September-2019.pdf
- https://www.phoenix.com/content/uploads/Security-Newsletter-September-2019.pdf