Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-20512

Summary
Assigner-AMD
Assigner Org ID-b58fc414-a1e4-4f92-9d70-1add41838648
Published At-13 Aug, 2024 | 16:52
Updated At-30 Oct, 2024 | 18:55
Rejected At-
Credits

A hardcoded AES key in PMFW may result in a privileged attacker gaining access to the key, potentially resulting in internal debug information leakage.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:AMD
Assigner Org ID:b58fc414-a1e4-4f92-9d70-1add41838648
Published At:13 Aug, 2024 | 16:52
Updated At:30 Oct, 2024 | 18:55
Rejected At:
▼CVE Numbering Authority (CNA)

A hardcoded AES key in PMFW may result in a privileged attacker gaining access to the key, potentially resulting in internal debug information leakage.

Affected Products
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Radeon™ RX 6000 Series Graphics Cards
Default Status
affected
Versions
Unaffected
  • AMD Software: Adrenalin Edition 23.12.1 (23.30.13.01)
Vendor
Advanced Micro Devices, Inc.AMD
Product
AMD Radeon™ PRO W6000 Series Graphics Cards
Default Status
affected
Versions
Unaffected
  • AMD Software: PRO Edition 23.Q4 (23.30.13.03)
Metrics
VersionBase scoreBase severityVector
3.11.9LOW
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
Version: 3.1
Base score: 1.9
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html
N/A
Hyperlink: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Problem Types
TypeCWE IDDescription
CWECWE-798CWE-798 Use of Hard-coded Credentials
Type: CWE
CWE ID: CWE-798
Description: CWE-798 Use of Hard-coded Credentials
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@amd.com
Published At:13 Aug, 2024 | 17:15
Updated At:30 Oct, 2024 | 19:35

A hardcoded AES key in PMFW may result in a privileged attacker gaining access to the key, potentially resulting in internal debug information leakage.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.11.9LOW
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 1.9
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-798Secondary134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE ID: CWE-798
Type: Secondary
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.htmlpsirt@amd.com
N/A
Hyperlink: https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html
Source: psirt@amd.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

3Records found
CVE-2023-20518
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-1.9||LOW
EPSS-0.02% / 2.94%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 16:52
Updated-05 Nov, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incomplete cleanup in the ASP may expose the Master Encryption Key (MEK) to a privileged attacker with access to the BIOS menu or UEFI shell and a memory exfiltration vulnerability, potentially resulting in loss of confidentiality.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-AMD Ryzen™ Embedded V2000 Series ProcessorsAMD Ryzen™ Embedded 5000 Series ProcessorsAMD EPYC™ 9004 Series ProcessorsAMD Ryzen™ Embedded R2000 Series ProcessorsAMD Ryzen™ Threadripper™ PRO 3000WX Series ProcessorsAMD Ryzen™ 5000 Series Desktop Processor with Radeon™ GraphicsAMD Ryzen™ 3000 Series Desktop ProcessorsAMD Athlon™ 3000 Series Desktop Processors with Radeon™ GraphicsAMD Ryzen™ 4000 Series Mobile Processors with Radeon™ GraphicsAMD Athlon™ 3000 Series Mobile Processors with Radeon™ GraphicsAMD Ryzen™ 7020 Series Processors with Radeon™ GraphicsAMD Ryzen™ 5000 Series Desktop ProcessorsAMD Ryzen™ 7000 Series Desktop ProcessorsAMD Ryzen™ 5000 Series Mobile Processors with Radeon™ GraphicsAMD Ryzen™ 6000 Series Processors with Radeon™ GraphicsAMD Ryzen™ Threadripper™ PRO 5000WX ProcessorsAMD Ryzen™ 3000 Series Mobile Processor with Radeon™ GraphicsAMD Ryzen™ Embedded V1000 Series ProcessorsAMD Ryzen™ Embedded V3000 Series ProcessorsAMD Ryzen™ Embedded R1000 Series ProcessorsAMD Ryzen™ Threadripper™ 3000 Series ProcessorsAMD Ryzen™ 3000 Series Processors with Radeon™ GraphicsAMD Ryzen™ 7035 Series Processors with Radeon™ GraphicsAMD Ryzen™ Embedded 7000 Series ProcessorsAMD Ryzen™ 5000 Series Processors with Radeon™ GraphicsAMD Ryzen™ 4000 Series Desktop Processors with Radeon™ Graphics
CWE ID-CWE-459
Incomplete Cleanup
CVE-2023-31305
Matching Score-8
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-8
Assigner-Advanced Micro Devices Inc.
CVSS Score-1.9||LOW
EPSS-0.03% / 6.00%
||
7 Day CHG~0.00%
Published-13 Aug, 2024 | 16:53
Updated-06 Nov, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Generation of weak and predictable Initialization Vector (IV) in PMFW (Power Management Firmware) may allow an attacker with privileges to reuse IV values to reverse-engineer debug data, potentially resulting in information disclosure.

Action-Not Available
Vendor-Advanced Micro Devices, Inc.
Product-AMD Radeon™ PRO W6000 Series Graphics CardsAMD Radeon™ RX 6000 Series Graphics Cards
CWE ID-CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
CVE-2024-29963
Matching Score-4
Assigner-Brocade Communications Systems, LLC
ShareView Details
Matching Score-4
Assigner-Brocade Communications Systems, LLC
CVSS Score-1.9||LOW
EPSS-0.06% / 18.05%
||
7 Day CHG~0.00%
Published-19 Apr, 2024 | 04:04
Updated-04 Feb, 2025 | 15:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Brocade SANnav contains hardcoded TLS keys used by Docker

Brocade SANnav OVA before v2.3.1, and v2.3.0a, contain hardcoded TLS keys used by Docker. Note: Brocade SANnav doesn't have access to remote Docker registries.

Action-Not Available
Vendor-Broadcom Inc.Brocade Communications Systems, Inc. (Broadcom Inc.)
Product-brocade_sannavBrocade SANnavsannav
CWE ID-CWE-798
Use of Hard-coded Credentials
Details not found