Lucene search

MitreCVE-2019-9836

HistoryJun 25, 2019 - 9:15 p.m.

CVE-2019-9836

2019-06-2521:15:09

CWE-327

mitre

web.nvd.nist.gov

239

cve-2019-9836

sev

amd

platform security processor

psp

amd-sp

cryptographic implementation

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.1

Confidence

High

EPSS

0.005

Percentile

76.5%

JSON

Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation.

Affected configurations

Nvd

Node

amdsecure_encrypted_virtualization_firmwareRange≤0.17b11

AND

amdepyc_7251Match-

amdepyc_7261Match-

amdepyc_7281Match-

amdepyc_7301Match-

amdepyc_7351Match-

amdepyc_7351pMatch-

amdepyc_7371Match-

amdepyc_7401Match-

amdepyc_7401pMatch-

amdepyc_7451Match-

amdepyc_7501Match-

amdepyc_7551Match-

amdepyc_7551pMatch-

amdepyc_7601Match-

Node

opensuseleapMatch15.0

opensuseleapMatch15.1

VendorProductVersionCPE
amdsecure_encrypted_virtualization_firmware*cpe:2.3:o:amd:secure_encrypted_virtualization_firmware:*:*:*:*:*:*:*:*
amdepyc_7251-cpe:2.3:h:amd:epyc_7251:-:*:*:*:*:*:*:*
amdepyc_7261-cpe:2.3:h:amd:epyc_7261:-:*:*:*:*:*:*:*
amdepyc_7281-cpe:2.3:h:amd:epyc_7281:-:*:*:*:*:*:*:*
amdepyc_7301-cpe:2.3:h:amd:epyc_7301:-:*:*:*:*:*:*:*
amdepyc_7351-cpe:2.3:h:amd:epyc_7351:-:*:*:*:*:*:*:*
amdepyc_7351p-cpe:2.3:h:amd:epyc_7351p:-:*:*:*:*:*:*:*
amdepyc_7371-cpe:2.3:h:amd:epyc_7371:-:*:*:*:*:*:*:*
amdepyc_7401-cpe:2.3:h:amd:epyc_7401:-:*:*:*:*:*:*:*
amdepyc_7401p-cpe:2.3:h:amd:epyc_7401p:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
amd	secure_encrypted_virtualization_firmware	*	cpe:2.3:o:amd:secure_encrypted_virtualization_firmware::::::::
amd	epyc_7251	-	cpe:2.3:h:amd:epyc_7251:-:::::::*
amd	epyc_7261	-	cpe:2.3:h:amd:epyc_7261:-:::::::*
amd	epyc_7281	-	cpe:2.3:h:amd:epyc_7281:-:::::::*
amd	epyc_7301	-	cpe:2.3:h:amd:epyc_7301:-:::::::*
amd	epyc_7351	-	cpe:2.3:h:amd:epyc_7351:-:::::::*
amd	epyc_7351p	-	cpe:2.3:h:amd:epyc_7351p:-:::::::*
amd	epyc_7371	-	cpe:2.3:h:amd:epyc_7371:-:::::::*
amd	epyc_7401	-	cpe:2.3:h:amd:epyc_7401:-:::::::*
amd	epyc_7401p	-	cpe:2.3:h:amd:epyc_7401p:-:::::::*