Lucene search
HistoryAug 13, 2024 - 5:15 p.m.
CVE-2023-20518
asp
master encryption key
privileged attacker
bios
uefi shell
confidentiality loss
CVSS3
1.9
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
EPSS
0
Percentile
9.5%
Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality.
Related
vulnrichment
vulnrichment
CVE-2023-20518
2024-08-13 16:52:55
cve
cve
CVE-2023-20518
2024-08-13 17:15:19
cvelist
cvelist
CVE-2023-20518
2024-08-13 16:52:55
amd
amd
Client Vulnerabilities – Aug 2024
2024-08-13 00:00:00
AMD Server Vulnerabilities – August 2024
2024-08-13 00:00:00
AMD Embedded Processors Vulnerabilities – Aug 2024
2024-08-13 00:00:00
CVSS3
1.9
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
EPSS
0
Percentile
9.5%
Related for NVD:CVE-2023-20518