Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistAMDCVELIST:CVE-2023-20526
HistoryNov 14, 2023 - 6:52 p.m.

CVE-2023-20526

2023-11-1418:52:41
AMD
www.cve.org
7
asp bootloader
input validation
memory exposure
confidentiality
physical access

CVSS3

1.9

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

20.7%

JSON

Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "packageName": "PI",
    "platforms": [
      "x86"
    ],
    "product": "AMD Ryzen™ Threadripper™ 2000 Series Processors “Colfax”",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "PI",
    "platforms": [
      "x86"
    ],
    "product": "1st Gen AMD EPYC™ Processors",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "PI",
    "platforms": [
      "x86"
    ],
    "product": "2nd Gen AMD EPYC™ Processors",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "packageName": "PI",
    "platforms": [
      "x86"
    ],
    "product": "3rd Gen AMD EPYC™ Processors",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "AMD EPYC™  Embedded 3000",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "AMD EPYC™  Embedded 7002",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "AMD EPYC™  Embedded 7003",
    "vendor": "AMD",
    "versions": [
      {
        "status": "affected",
        "version": "various"
      }
    ]
  }
]

Related

prion 1
nvd 1
cve 1
osv 2
amd 3
openvas 3
nessus 2
prion
prion
Input validation
2023-11-14 19:15:00
nvd
nvd
CVE-2023-20526
2023-11-14 19:15:15
cve
cve
CVE-2023-20526
2023-11-14 19:15:15
osv
osv
kernel-firmware-all-20231128-1.1 on GA media
2024-06-15 00:00:00
Security update for kernel-firmware
2024-07-09 17:20:51
amd
amd
AMD Server Vulnerabilities – Nov 2023
2023-11-14 00:00:00
AMD Client Vulnerabilities – November 2023
2023-11-14 00:00:00
AMD Embedded Processors Vulnerabilities – February 2024
2024-02-13 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:4654-1)
2023-12-07 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:4665-1)
2023-12-07 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:4655-1)
2023-12-07 00:00:00
nessus
nessus
SUSE SLES15 Security Update : kernel-firmware (SUSE-SU-2023:4654-1)
2023-12-07 00:00:00
SUSE SLES15 Security Update : kernel-firmware (SUSE-SU-2023:4665-1)
2023-12-07 00:00:00

CVSS3

1.9

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N

AI Score

6.7

Confidence

Low

EPSS

0.001

Percentile

20.7%

JSON
Related for CVELIST:CVE-2023-20526
prion1nvd1cve1osv2amd3openvas3nessus2