CVE Catalog

CVE-2023-20572

MediumCVSS 5.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.11%

2th percentile — higher than 2% of all known CVEs

Summary

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity.

Risk Assessment

The risk involves potential data integrity loss as a privileged attacker could manipulate authenticated messages processed by the ASP.

Recommendation

Apply security patches provided by the vendor (AMD) and monitor systems for unusual activity related to the ASP.

Original NVD description (English source)

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS