CVE-2024-29979— Unsafe Handling of Phoenix UEFI Variables
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-29979
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unsafe Handling of Phoenix UEFI Variables
Source: NVD (National Vulnerability Database)
Vulnerability Description
Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore™ for Intel Kaby Lake, Phoenix SecureCore™ for Intel Coffee Lake, Phoenix SecureCore™ for Intel Comet Lake, Phoenix SecureCore™ for Intel Ice Lake allows Input Data Manipulation.This issue affects SecureCore™ for Intel Kaby Lake: before 4.0.1.1012; SecureCore™ for Intel Coffee Lake: before 4.1.0.568; SecureCore™ for Intel Comet Lake: before 4.2.1.292; SecureCore™ for Intel Ice Lake: before 4.2.0.334.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
对因果或异常条件的不恰当检查
Source: NVD (National Vulnerability Database)
Vulnerability Title
Phoenix SecureCore 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Phoenix SecureCore是德国菲尼克斯电气(Phoenix)公司的一个计算机基础输入/输出系统。 Phoenix SecureCore存在代码问题漏洞,该漏洞源于异常或异常情况检查不当,允许输入数据操纵。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Phoenix | SecureCore™ for Intel Kaby Lake | 0 ~ 4.0.1.1012 | - | |
| Phoenix | SecureCore™ for Intel Coffee Lake | 0 ~ 4.1.0.568 | - | |
| Phoenix | SecureCore™ for Intel Comet Lake | 0 ~ 4.2.1.292 | - | |
| Phoenix | SecureCore™ for Intel Ice Lake | 0 ~ 4.2.0.334 | - |
II. Public POCs for CVE-2024-29979
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-29979
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same weakness: CWE-754
- CVE-2026-41662
Admidio: Missing Minimum Administrator Check in Role Members - CVE-2026-35225
Improper timeout handling in CODESYS EtherNetIP - CVE-2026-35366
uutils coreutils printenv Security Inspection Bypass via UTF - CVE-2026-40343
free5GC UDR: Fail-open handling in PolicyDataSubsToNotifyPos - CVE-2026-40249
free5gc UDR fail-open request handling in PolicyDataSubsToNo
V. Comments for CVE-2024-29979
No comments yet