CVE-2023-31100

Improper Access Control in SMI handler vulnerability in Phoenix SecureCore Technology 4 allows SPI flash modification.
This issue affects SecureCore Technology 4:


  *  from 4.3.0.0 before 4.3.0.203
  *  

from 

4.3.1.0 before 4.3.1.163
  *  

from 

4.4.0.0 before 4.4.0.217
  *  

from 

4.5.0.0 before 4.5.0.138
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.4 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
PhoenixCNA
8.4 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 16%
VendorProductVersion
phoenixsecurecore_technology
4.3.0.0 ≤
𝑥
< 4.3.0.203
phoenixsecurecore_technology
4.3.1.0 ≤
𝑥
< 4.3.1.163
phoenixsecurecore_technology
4.4.0.0 ≤
𝑥
< 4.4.0.217
phoenixsecurecore_technology
4.5.0.0 ≤
𝑥
< 4.5.0.138
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.phoenix.com/security-notifications/
https://www.phoenix.com/security-notifications/