CVE Catalog

CVE-2023-20540

LowCVSS 1.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.11%

2th percentile — higher than 2% of all known CVEs

Summary

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity.

Risk Assessment

The risk involves potential data integrity compromise in systems using ASP, which could lead to unauthorized data modifications or forgery.

Recommendation

It is recommended to apply security patches provided by the vendor (AMD) and restrict privileged access to systems using ASP.

Original NVD description (English source)

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS