Phoenix SecureCore Technology 4 Improper Input Data Handling Vulnerability

Vulnerability

A vulnerability exists in Phoenix SecureCore Technology 4 in the following versions: 4.0.1.0 prior to 4.0.1.1018, 4.1.0.1 prior to 4.1.0.573, 4.2.0.1 prior to 4.2.0.338, 4.2.1.1 prior to 4.2.1.300, 4.3.0.1 prior to 4.3.0.244, 4.3.1.1 prior to 4.3.1.187, 4.4.0.1 prior to 4.4.0.299, 4.5.0.1 prior to 4.5.0.231, 4.5.1.1 prior to 4.5.1.103, 4.5.5.1 prior to 4.5.5.36, and 4.6.0.1 prior to 4.6.0.67. The firmware improperly checks for unusual or exceptional conditions, which permits input data manipulation. The issue arises from unsafe handling of UEFI variables, which could result in unsafe memory access and potentially cause a temporary denial-of-service condition.

Impact

Exploitation of this vulnerability could lead to unsafe memory access, causing a temporary denial-of-service condition.

Remediation

Patches for this vulnerability were made available to partners no later than November 2024. For device-specific information, contact the system manufacturer. It is recommended to update endpoint firmware to the latest available version to receive security vulnerability mitigations.
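To decide which endpoints need the firmware update, the affected ranges listed above can be checked mechanically. The following is an added example, not part of the original advisory or any vendor tooling; it assumes the SecureCore Technology version is already available as a four-part dotted string, that each range's first version is inclusive and the fixed version exclusive, and the hostnames and versions in the sample inventory are constructed.

```python
# Added example: triage firmware versions against the advisory's affected ranges.
# Assumption: the first version of each range is affected, the second is the fix.
AFFECTED_RANGES = [
    ("4.0.1.0", "4.0.1.1018"),
    ("4.1.0.1", "4.1.0.573"),
    ("4.2.0.1", "4.2.0.338"),
    ("4.2.1.1", "4.2.1.300"),
    ("4.3.0.1", "4.3.0.244"),
    ("4.3.1.1", "4.3.1.187"),
    ("4.4.0.1", "4.4.0.299"),
    ("4.5.0.1", "4.5.0.231"),
    ("4.5.1.1", "4.5.1.103"),
    ("4.5.5.1", "4.5.5.36"),
    ("4.6.0.1", "4.6.0.67"),
]

def parse_version(text):
    """Parse 'a.b.c.d' into a tuple of four ints; raise ValueError otherwise."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part numeric version: {text!r}")
    return tuple(int(p) for p in parts)

def first_fixed_version(text):
    """Return the fixed version for an affected version, or None if not listed."""
    version = parse_version(text)
    for first_affected, fixed in AFFECTED_RANGES:
        if parse_version(first_affected) <= version < parse_version(fixed):
            return fixed
    return None

def triage(inventory):
    """Map each host to a status string based on its reported version."""
    report = {}
    for host, version in inventory.items():
        try:
            fixed = first_fixed_version(version)
        except ValueError:
            report[host] = "unparseable, check manually"
            continue
        report[host] = f"affected, needs {fixed} or later" if fixed else "not in a listed range"
    return report

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {"lab-01": "4.2.1.120", "lab-02": "4.6.0.67", "lab-03": "4.5.5", "lab-04": "4.0.1.0"}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A result of "not in a listed range" only means the version falls outside the ranges this advisory names; confirm device-specific status with the system manufacturer.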

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 0.6
exploitability: 3.3
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.