Description
Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCore™ Technology™ 4 potentially allows denial-of-service attacks or arbitrary code execution.
References (4)
Core 4
Core References
Third Party Advisory
https://www.kb.cert.org/vuls/id/811862
Not Applicable
https://www.phoenix.com/security-notifications/
Scores
CVSS v3
7.8
EPSS
0.0027
EPSS Percentile
18.6%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (1)
phoenixtech/securecore_technology
4.*
Published
Dec 07, 2023
Tracked Since
Feb 18, 2026