Phoenix UEFI flaw puts long list of Intel chips in hot seat

June 21, 2024 at 12:30PM

A new UEFI firmware vulnerability (CVE-2024-0762, CVSSv3: 7.5) disclosed by Eclypsium affects Phoenix Technologies’ UEFI firmware, potentially impacting various Intel chip families back to Kaby Lake. The vulnerability involves a Trusted Platform Module (TPM) configuration flaw, and it poses a threat even on devices that have a TPM. Mitigations and patches have been …

Hundreds of PC, Server Models Possibly Affected by Serious Phoenix UEFI Vulnerability

June 20, 2024 at 09:33AM

A high-severity vulnerability, CVE-2024-0762 (dubbed UEFIcanhazbufferoverflow), was found in Phoenix Technologies’ SecureCore UEFI firmware, affecting multiple Intel processors. Eclypsium discovered the security hole, warning of potential escalation of privileges and code execution. Phoenix has addressed the issue, with device manufacturers deploying patches. Lenovo is also releasing fixes for affected computers. …

F5 Patches Dangerous Vulnerabilities in BIG-IP Next Central Manager

May 9, 2024 at 07:09AM

F5 announced patches for its BIG-IP Next Central Manager to fix five vulnerabilities that allow complete device control. Eclypsium found the vulnerabilities, but only two have CVE identifiers. One patched vulnerability is high severity, enabling unauthenticated attackers to execute malicious SQL statements. F5 states there is no impact beyond Next Central Manager. Eclypsium …