CVE-2023-20518

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-20518
Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality.

1.9 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3003.html
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-5002.html
Configurations

No configuration.

History

05 Nov 2024, 17:35

Type Values Removed Values Added
CWE CWE-459
Summary
  • (es) Una limpieza incompleta en la ASP puede exponer la clave de cifrado maestra (MEK) a un atacante privilegiado con acceso al menú del BIOS o al shell UEFI y una vulnerabilidad de filtración de memoria, lo que podría provocar una pérdida de confidencialidad.

13 Aug 2024, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-08-13 17:15

Updated : 2024-11-05 17:35

NVD link : CVE-2023-20518

Mitre link : CVE-2023-20518

CVE.ORG link : CVE-2023-20518

JSON object : View

Products Affected

No product.

CWE
CWE-459

Incomplete Cleanup


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024