PT-2019-6410 · Phoenix · Phoenix Sct Winflash
Published
2019-08-10
·
Updated
2024-10-15
·
CVE-2019-18279
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Phoenix SCT WinFlash versions 1.1.12.0 through 1.5.74.0
Description
The issue is related to the included drivers in Phoenix SCT WinFlash, which could be used by a malicious Windows application to gain elevated privileges. The adverse impacts are limited to the Windows environment, and there is no known direct impact to the UEFI firmware. This issue was fixed in late June 2019.
Recommendations
For Phoenix SCT WinFlash versions 1.1.12.0 through 1.5.74.0, update to a version released after late June 2019 to resolve the issue.
At the moment, there is no information about additional mitigation measures for this vulnerability.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Phoenix Sct Winflash