3.3
CVE-2023-20570
- EPSS 0.03%
- Published 13.02.2024 18:15:47
- Last modified 22.03.2025 15:15:35
- Source psirt@amd.com
- Teams watchlist Login
- Open Login
Insufficient verification of data authenticity in the configuration state machine may allow a local attacker to potentially load arbitrary bitstreams.
Data is provided by the National Vulnerability Database (NVD)
Amd ≫ Alveo U50 Firmware Version-
Amd ≫ Alveo U200 Firmware Version-
Amd ≫ Alveo U250 Firmware Version-
Amd ≫ Alveo U280 Firmware Version-
Amd ≫ Kintex Ultrascale Ku025 Firmware Version-
Amd ≫ Kintex Ultrascale Ku035 Firmware Version-
Amd ≫ Kintex Ultrascale Ku040 Firmware Version-
Amd ≫ Kintex Ultrascale Ku060 Firmware Version-
Amd ≫ Kintex Ultrascale Ku085 Firmware Version-
Amd ≫ Kintex Ultrascale Ku095 Firmware Version-
Amd ≫ Kintex Ultrascale Ku115 Firmware Version-
Amd ≫ Virtex Ultrascale Xcvu065 Firmware Version-
Amd ≫ Virtex Ultrascale Xcvu080 Firmware Version-
Amd ≫ Virtex Ultrascale Xcvu095 Firmware Version-
Amd ≫ Virtex Ultrascale Xcvu125 Firmware Version-
Amd ≫ Virtex Ultrascale Xcvu160 Firmware Version-
Amd ≫ Virtex Ultrascale Xcvu190 Firmware Version-
Amd ≫ Virtex Ultrascale Xcvu440 Firmware Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.054 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 3.3 | 1.8 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 3.3 | 1.8 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
|
CWE-345 Insufficient Verification of Data Authenticity
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.