CVE-2023-31100

Published: Nov 15, 2023Modified: Sep 25, 2025

7.1

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Exploitability: 1.8 / Impact: 5.2

Source: NVD

Description

Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4: * from 4.3.0.0 before 4.3.0.203 * from 4.3.1.0 before 4.3.1.163 * from 4.4.0.0 before 4.4.0.217 * from 4.5.0.0 before 4.5.0.138

Affected (4)

Products: Phoenixtech: Securecore Technology

Phoenixtech

1 product

Securecore Technology

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Phoenixtech Securecore Technology	From 4.3.0.0 to 4.3.0.203
Phoenixtech Securecore Technology	From 4.3.1.0 to 4.3.1.163
Phoenixtech Securecore Technology	From 4.4.0.0 to 4.4.0.217
Phoenixtech Securecore Technology	From 4.5.0.0 to 4.5.0.138

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (2)

https://phoenixtech.com/phoenix-security-notifications/cve-2023-31100/

Source: 22d9ba52-f336-4b0d-bf1f-0efbdcc3c1de

Vendor Advisory

https://www.phoenix.com/security-notifications/

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

Timeline

No history available yet.