Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2019-16863
HistoryNov 14, 2019 - 3:15 a.m.

CVE-2019-16863

2019-11-1403:15:11
CWE-327
CWE-203
[email protected]
web.nvd.nist.gov
54
stmicroelectronics
tpm
vulnerability
side-channel timing attack
nvd
security

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.6 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.2%

JSON

STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL.

Affected configurations

NVD
Node
stst33tphf2espi_firmwareMatch71.0
OR
stst33tphf2espi_firmwareMatch71.4
OR
stst33tphf2espi_firmwareMatch71.12
OR
stst33tphf2espi_firmwareMatch73.0
OR
stst33tphf2espi_firmwareMatch73.4
OR
stst33tphf2espi_firmwareMatch73.8
AND
stst33tphf2espiMatch-
Node
stst33tphf2ei2c_firmwareMatch73.5
OR
stst33tphf2ei2c_firmwareMatch73.9
AND
stst33tphf2ei2cMatch-
Node
stst33tphf20spi_firmwareMatch74.0
OR
stst33tphf20spi_firmwareMatch74.4
OR
stst33tphf20spi_firmwareMatch74.8
OR
stst33tphf20spi_firmwareMatch74.16
AND
stst33tphf20spiMatch-
Node
stst33tphf20i2cMatch-
AND
stst33tphf20i2c_firmwareMatch74.5
OR
stst33tphf20i2c_firmwareMatch74.9

Related

prion 1
nvd 1
lenovo 2
symantec 1
redhatcve 1
mscve 1
cvelist 1
thn 1
f5 1
prion
prion
Code injection
2019-11-14 03:15:00
nvd
nvd
CVE-2019-16863
2019-11-14 03:15:11
lenovo
lenovo
ST Microelectronics TPM Firmware ECDSA Signature Generation Vulnerability - Lenovo Support US
2019-11-09 13:22:37
ST Microelectronics TPM Firmware ECDSA Signature Generation Vulnerability - Lenovo Support US
2019-11-09 13:22:37
symantec
symantec
Trusted Platform Module CVE-2019-16863 Unspecified Security Vulnerability
2019-11-12 00:00:00
redhatcve
redhatcve
CVE-2019-16863
2020-01-08 23:38:58
mscve
mscve
Microsoft Guidance for Vulnerability in Trusted Platform Module (TPM)
2019-11-12 08:00:00
cvelist
cvelist
CVE-2019-16863
2019-11-14 02:07:52
thn
thn
Researchers Discover TPM-Fail Vulnerabilities Affecting Billions of Devices
2019-11-13 09:29:00
f5
f5
K32412503 : Trusted Platform Module vulnerabilities CVE-2019-11090 and CVE-2019-16863
2019-11-14 00:00:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.6 Medium

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

78.2%

JSON
Related for CVE-2019-16863
prion1nvd1lenovo2symantec1redhatcve1mscve1cvelist1thn1f51