CVE-2019-18279
First published: Wed Nov 13 2019(Updated: )
In Phoenix SCT WinFlash 1.1.12.0 through 1.5.74.0, the included drivers could be used by a malicious Windows application to gain elevated privileges. Adverse impacts are limited to the Windows environment and there is no known direct impact to the UEFI firmware. This was fixed in late June 2019.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Phoenix SecureCore Technology | >=1.1.12.0<=1.5.74.0 | |
| Phoenix SecureCore Technology | >=1.1.12.0<=1.5.74.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-18279?
CVE-2019-18279 is a vulnerability in Phoenix SCT WinFlash versions 1.1.12.0 through 1.5.74.0 that allows a malicious Windows application to gain elevated privileges.
What is the severity of CVE-2019-18279?
CVE-2019-18279 has a severity rating of 8.8 (high).
How can CVE-2019-18279 be exploited?
CVE-2019-18279 can be exploited by a malicious Windows application using the included drivers in Phoenix SCT WinFlash versions 1.1.12.0 through 1.5.74.0.
Is UEFI firmware affected by CVE-2019-18279?
There is no known direct impact to the UEFI firmware from CVE-2019-18279.
Has CVE-2019-18279 been fixed?
CVE-2019-18279 was fixed in late June 2019.
- agent/author
- agent/type
- agent/references
- agent/severity
- agent/event
- agent/first-publish-date
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/phoenix
- canonical/phoenix securecore technology
- version/phoenix securecore technology/1.1.12.0
- version/phoenix securecore technology/1.5.74.0