CVE-2023-31305
Global infos:
Generation of weak and predictable Initialization Vector (IV) in PMFW (Power Management Firmware) may allow an attacker with privileges to reuse IV values to reverse-engineer debug data, potentially resulting in information disclosure.
CVE Status: Awaiting Analysis
References:
Metrics:
| Attribute | Value |
|---|---|
| Attack Complexity | HIGH |
| Attack Vector | LOCAL |
| Availability Impact | NONE |
| Base Score | 1.9 |
| Base Severity | LOW |
| Confidentiality Impact | LOW |
| Integrity Impact | NONE |
| Privileges Required | HIGH |
| Scope | UNCHANGED |
| User Interaction | NONE |
| Vector String | CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N |
| Exploitability Score | 0.5 |
| Impact Score | 1.4 |
| Source | [email protected] |
| Type | Secondary |