CVE-2023-31100: Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects...

8.4 CVSS

Description

Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification.
This issue affects SecureCore™ Technology™ 4:

* from 4.3.0.0 before 4.3.0.203
*

from

4.3.1.0 before 4.3.1.163
*

from

4.4.0.0 before 4.4.0.217
*

from

4.5.0.0 before 4.5.0.138

Classification

CVE ID: CVE-2023-31100

CVSS Base Severity: HIGH

CVSS Base Score: 8.4

Affected Products

Vendor: Phoenix

Product: SecureCore™ Technology™ 4

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://www.phoenix.com/security-notifications/

Timeline

2024-12-03 00:11:15 UTC
CVE

Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects...