CVE-2019-18279
Severity Score
8.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. Adverse impacts are limited to the Windows environment and there is no known direct impact to the UEFI firmware. This was fixed in late June 2019.
En Phoenix SCT WinFlash versiones 1.1.12.0 hasta 1.5.74.0, los controladores incluidos podrían ser utilizados por una aplicación maliciosa de Windows para alcanzar privilegios elevados. Los impactos adversos están limitados al entorno de Windows y no se conoce un impacto directo en el firmware UEFI. Esto fue solucionado a finales de junio de 2019.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-10-23 CVE Reserved
- 2019-11-13 CVE Published
- 2024-10-15 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered | Third Party Advisory | |
| https://eclypsium.com/wp-content/uploads/2019/08/EXTERNAL-Get-off-the-kernel-if-you-cant-drive-DEFCON27.pdf | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.phoenix.com/content/uploads/Security-Newsletter-September-2019.pdf | 2023-12-08 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Phoenix Search vendor "Phoenix" | Securecore Technology Search vendor "Phoenix" for product "Securecore Technology" | >= 1.1.12.0 <= 1.5.74.0 Search vendor "Phoenix" for product "Securecore Technology" and version " >= 1.1.12.0 <= 1.5.74.0" | - |
Affected
| ||||||