Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
f5F5F5:K32412503
HistoryNov 14, 2019 - 12:00 a.m.

K32412503 : Trusted Platform Module vulnerabilities CVE-2019-11090 and CVE-2019-16863

2019-11-1400:00:00
my.f5.com
35

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

71.5%

JSON

Security Advisory Description

Cryptographic timing conditions in the subsystem for Intel® PTT before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45, 13.0.0 and 14.0.10; Intel® TXE 3.1.70 and 4.0.20; Intel® SPS before versions SPS_E5_04.01.04.305.0, SPS_SoC-X_04.00.04.108.0, SPS_SoC-A_04.00.04.191.0, SPS_E3_04.01.04.086.0, SPS_E3_04.08.04.047.0 may allow an unauthenticated user to potentially enable information disclosure via network access.

STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL.

Impact

There is no impact; F5 products are not affected by this vulnerability.

Related

thn 1
cve 2
redhatcve 2
prion 2
lenovo 4
symantec 1
mscve 1
nessus 1
intel 1
hp 1
thn
thn
Researchers Discover TPM-Fail Vulnerabilities Affecting Billions of Devices
2019-11-13 09:29:00
cve
cve
CVE-2019-11090
2019-12-18 22:15:00
CVE-2019-16863
2019-11-14 03:15:00
redhatcve
redhatcve
CVE-2019-11090
2020-01-08 23:38:58
CVE-2019-16863
2020-01-08 23:38:58
prion
prion
Code injection
2019-11-14 03:15:00
Information disclosure
2019-12-18 22:15:00
lenovo
lenovo
ST Microelectronics TPM Firmware ECDSA Signature Generation Vulnerability - Lenovo Support US
2019-11-09 13:22:37
ST Microelectronics TPM Firmware ECDSA Signature Generation Vulnerability - Lenovo Support US
2019-11-09 13:22:37
Intel CSME, Server Platform Services, Trusted Execution Engine, Intel Active Management Technology and Dynamic Application Loader Vulnerabilities - Lenovo Support US
2019-11-04 16:25:26
symantec
symantec
Trusted Platform Module CVE-2019-16863 Unspecified Security Vulnerability
2019-11-12 00:00:00
mscve
mscve
Microsoft Guidance for Vulnerability in Trusted Platform Module (TPM)
2019-11-12 08:00:00
nessus
nessus
Juniper Junos NFX150 Multiple Vulnerabilities (JSA11026)
2020-07-28 00:00:00
intel
intel
2019.2 IPU – Intel® CSME, Intel® SPS, Intel® TXE, Intel® AMT, Intel® PTT and Intel® DAL Advisory
2019-01-09 00:00:00
hp
hp
HPSBHF03637 rev. 3 - Intel 2019.2 IPU CSME SPS TXE AMT Security Updates
2019-11-09 00:00:00

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

71.5%

JSON
Related for F5:K32412503
thn1cve2redhatcve2prion2lenovo4symantec1mscve1nessus1intel1hp1