CVE-2023-20526
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
14/11/2023
Last modified:
18/06/2024
Description
Insufficient input validation in the ASP Bootloader may enable a privileged attacker with physical access to expose the contents of ASP memory potentially leading to a loss of confidentiality.
Impact
Base Score 3.x
4.60
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:amd:epyc_7001_firmware:*:*:*:*:*:*:*:* | naplespi_1.0.0.h (excluding) | |
| cpe:2.3:h:amd:epyc_7001:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:epyc_7251_firmware:*:*:*:*:*:*:*:* | naplespi_1.0.0.h (excluding) | |
| cpe:2.3:h:amd:epyc_7251:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:epyc_7261_firmware:*:*:*:*:*:*:*:* | naplespi_1.0.0.h (excluding) | |
| cpe:2.3:h:amd:epyc_7261:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:epyc_7281_firmware:*:*:*:*:*:*:*:* | naplespi_1.0.0.h (excluding) | |
| cpe:2.3:h:amd:epyc_7281:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:epyc_7301_firmware:*:*:*:*:*:*:*:* | naplespi_1.0.0.h (excluding) | |
| cpe:2.3:h:amd:epyc_7301:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:epyc_7351_firmware:*:*:*:*:*:*:*:* | naplespi_1.0.0.h (excluding) | |
| cpe:2.3:h:amd:epyc_7351:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:epyc_7351p_firmware:*:*:*:*:*:*:*:* | naplespi_1.0.0.h (excluding) | |
| cpe:2.3:h:amd:epyc_7351p:-:*:*:*:*:*:*:* | ||
| cpe:2.3:o:amd:epyc_7371_firmware:*:*:*:*:*:*:*:* | naplespi_1.0.0.h (excluding) |
To consult the complete list of CPE names with products and versions, see this page