CVE-2019-16863
Severity Score
5.9
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL.
Los dispositivos STMicroelectronics ST33TPHF2ESPI TPM antes del 12-09-2019, permiten a atacantes extraer la clave privada ECDSA por medio de un ataque de sincronización de canal lateral porque la multiplicación escalar de ECDSA es manejada inapropiadamente, también se conoce como TPM-FAIL.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-09-24 CVE Reserved
- 2019-11-14 CVE Published
- 2024-08-05 CVE Updated
- 2024-11-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-203: Observable Discrepancy
- CWE-327: Use of a Broken or Risky Cryptographic Algorithm
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://tpm.fail | Third Party Advisory | |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190024 | Third Party Advisory |
|
| https://support.f5.com/csp/article/K32412503?utm_source=f5support&%3Butm_medium=RSS | X_refsource_confirm | |
| https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03972en_us | Third Party Advisory | |
| https://support.lenovo.com/us/en/product_security/LEN-29406 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.st.com/content/st_com/en/campaigns/tpm-update.html | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| St Search vendor "St" | St33tphf2espi Firmware Search vendor "St" for product "St33tphf2espi Firmware" | 71.0 Search vendor "St" for product "St33tphf2espi Firmware" and version "71.0" | - |
Affected
| in | St Search vendor "St" | St33tphf2espi Search vendor "St" for product "St33tphf2espi" | - | - |
Safe
|
| St Search vendor "St" | St33tphf2espi Firmware Search vendor "St" for product "St33tphf2espi Firmware" | 71.4 Search vendor "St" for product "St33tphf2espi Firmware" and version "71.4" | - |
Affected
| in | St Search vendor "St" | St33tphf2espi Search vendor "St" for product "St33tphf2espi" | - | - |
Safe
|
| St Search vendor "St" | St33tphf2espi Firmware Search vendor "St" for product "St33tphf2espi Firmware" | 71.12 Search vendor "St" for product "St33tphf2espi Firmware" and version "71.12" | - |
Affected
| in | St Search vendor "St" | St33tphf2espi Search vendor "St" for product "St33tphf2espi" | - | - |
Safe
|
| St Search vendor "St" | St33tphf2espi Firmware Search vendor "St" for product "St33tphf2espi Firmware" | 73.0 Search vendor "St" for product "St33tphf2espi Firmware" and version "73.0" | - |
Affected
| in | St Search vendor "St" | St33tphf2espi Search vendor "St" for product "St33tphf2espi" | - | - |
Safe
|
| St Search vendor "St" | St33tphf2espi Firmware Search vendor "St" for product "St33tphf2espi Firmware" | 73.4 Search vendor "St" for product "St33tphf2espi Firmware" and version "73.4" | - |
Affected
| in | St Search vendor "St" | St33tphf2espi Search vendor "St" for product "St33tphf2espi" | - | - |
Safe
|
| St Search vendor "St" | St33tphf2espi Firmware Search vendor "St" for product "St33tphf2espi Firmware" | 73.8 Search vendor "St" for product "St33tphf2espi Firmware" and version "73.8" | - |
Affected
| in | St Search vendor "St" | St33tphf2espi Search vendor "St" for product "St33tphf2espi" | - | - |
Safe
|
| St Search vendor "St" | St33tphf2ei2c Firmware Search vendor "St" for product "St33tphf2ei2c Firmware" | 73.5 Search vendor "St" for product "St33tphf2ei2c Firmware" and version "73.5" | - |
Affected
| in | St Search vendor "St" | St33tphf2ei2c Search vendor "St" for product "St33tphf2ei2c" | - | - |
Safe
|
| St Search vendor "St" | St33tphf2ei2c Firmware Search vendor "St" for product "St33tphf2ei2c Firmware" | 73.9 Search vendor "St" for product "St33tphf2ei2c Firmware" and version "73.9" | - |
Affected
| in | St Search vendor "St" | St33tphf2ei2c Search vendor "St" for product "St33tphf2ei2c" | - | - |
Safe
|
| St Search vendor "St" | St33tphf20spi Firmware Search vendor "St" for product "St33tphf20spi Firmware" | 74.0 Search vendor "St" for product "St33tphf20spi Firmware" and version "74.0" | - |
Affected
| in | St Search vendor "St" | St33tphf20spi Search vendor "St" for product "St33tphf20spi" | - | - |
Safe
|
| St Search vendor "St" | St33tphf20spi Firmware Search vendor "St" for product "St33tphf20spi Firmware" | 74.4 Search vendor "St" for product "St33tphf20spi Firmware" and version "74.4" | - |
Affected
| in | St Search vendor "St" | St33tphf20spi Search vendor "St" for product "St33tphf20spi" | - | - |
Safe
|
| St Search vendor "St" | St33tphf20spi Firmware Search vendor "St" for product "St33tphf20spi Firmware" | 74.8 Search vendor "St" for product "St33tphf20spi Firmware" and version "74.8" | - |
Affected
| in | St Search vendor "St" | St33tphf20spi Search vendor "St" for product "St33tphf20spi" | - | - |
Safe
|
| St Search vendor "St" | St33tphf20spi Firmware Search vendor "St" for product "St33tphf20spi Firmware" | 74.16 Search vendor "St" for product "St33tphf20spi Firmware" and version "74.16" | - |
Affected
| in | St Search vendor "St" | St33tphf20spi Search vendor "St" for product "St33tphf20spi" | - | - |
Safe
|
| St Search vendor "St" | St33tphf20i2c Firmware Search vendor "St" for product "St33tphf20i2c Firmware" | 74.5 Search vendor "St" for product "St33tphf20i2c Firmware" and version "74.5" | - |
Affected
| in | St Search vendor "St" | St33tphf20i2c Search vendor "St" for product "St33tphf20i2c" | - | - |
Safe
|
| St Search vendor "St" | St33tphf20i2c Firmware Search vendor "St" for product "St33tphf20i2c Firmware" | 74.9 Search vendor "St" for product "St33tphf20i2c Firmware" and version "74.9" | - |
Affected
| in | St Search vendor "St" | St33tphf20i2c Search vendor "St" for product "St33tphf20i2c" | - | - |
Safe
|