2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2023-1018" ,
"sourceIdentifier" : "cret@cert.org" ,
"published" : "2023-02-28T18:15:10.290" ,
2025-03-07 21:03:49 +00:00
"lastModified" : "2025-03-07T19:15:33.937" ,
2024-12-08 03:06:42 +00:00
"vulnStatus" : "Modified" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM."
}
] ,
"metrics" : {
"cvssMetricV31" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" ,
2024-12-08 03:06:42 +00:00
"baseScore" : 5.5 ,
"baseSeverity" : "MEDIUM" ,
2023-04-24 12:24:31 +02:00
"attackVector" : "LOCAL" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "NONE" ,
2024-12-08 03:06:42 +00:00
"availabilityImpact" : "NONE"
2023-04-24 12:24:31 +02:00
} ,
"exploitabilityScore" : 1.8 ,
"impactScore" : 3.6
2025-03-07 21:03:49 +00:00
} ,
{
"source" : "134c704f-9b21-4f2e-91b3-4a467353bcc0" ,
"type" : "Secondary" ,
"cvssData" : {
"version" : "3.1" ,
"vectorString" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" ,
"baseScore" : 5.5 ,
"baseSeverity" : "MEDIUM" ,
"attackVector" : "LOCAL" ,
"attackComplexity" : "LOW" ,
"privilegesRequired" : "LOW" ,
"userInteraction" : "NONE" ,
"scope" : "UNCHANGED" ,
"confidentialityImpact" : "HIGH" ,
"integrityImpact" : "NONE" ,
"availabilityImpact" : "NONE"
} ,
"exploitabilityScore" : 1.8 ,
"impactScore" : 3.6
2023-04-24 12:24:31 +02:00
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-125"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:revision_1.16:*:*:*:*:*:*" ,
"matchCriteriaId" : "AC453113-CAE8-44B0-8306-7BB854B77EB4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:revision_1.38:*:*:*:*:*:*" ,
"matchCriteriaId" : "6F43ED59-0C7E-4BBB-8931-4033AEC36269"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:revision_1.59:*:*:*:*:*:*" ,
"matchCriteriaId" : "2FC8BA48-73AA-483B-9276-A0605B15F22F"
}
]
}
]
2024-04-01 16:03:30 +00:00
} ,
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*" ,
"versionEndExcluding" : "10.0.10240.19805" ,
"matchCriteriaId" : "3FE6559F-B4C0-4188-86CB-4DB6FBB85A5C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*" ,
"versionEndExcluding" : "10.0.14393.5786" ,
"matchCriteriaId" : "93CEF0C6-6B6E-4157-A763-89F570FE0AB7"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*" ,
"versionEndExcluding" : "10.0.17763.4131" ,
"matchCriteriaId" : "3001E324-7A3C-4EEB-86DC-E79471F752BD"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:x64:*" ,
"versionEndExcluding" : "10.0.19042.2728" ,
"matchCriteriaId" : "579AE0F1-E226-4504-9BF8-05E7BAE682D7"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*" ,
"versionEndExcluding" : "10.0.19044.2728" ,
"matchCriteriaId" : "D41F5E5B-D344-41B1-A160-8118DDB623C3"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*" ,
"versionEndExcluding" : "10.0.19045.2728" ,
"matchCriteriaId" : "BA59AB71-F8C7-49B0-AD2F-F9C00D82C85A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*" ,
"versionEndExcluding" : "10.0.22000.1696" ,
"matchCriteriaId" : "6D06089A-31F7-44C7-98CB-216ABAD280A4"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*" ,
"versionEndExcluding" : "10.0.22621.1413" ,
"matchCriteriaId" : "7BB45E5C-C74C-46B1-BE64-4EF90075A3CC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "10.0.14393.5786" ,
"matchCriteriaId" : "40EFB742-9414-4585-A71E-4316D488BFA7"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "10.0.17763.4131" ,
"matchCriteriaId" : "D19233CA-3830-499D-A4C0-2C023C8AD700"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*" ,
"versionEndExcluding" : "10.0.20348.1607" ,
"matchCriteriaId" : "BA73D25B-EB4C-4493-9C79-4F4E181FF95B"
}
]
}
]
2023-04-24 12:24:31 +02:00
}
] ,
"references" : [
{
"url" : "https://kb.cert.org/vuls/id/782720" ,
"source" : "cret@cert.org" ,
"tags" : [
"Third Party Advisory" ,
"US Government Resource"
]
} ,
{
"url" : "https://trustedcomputinggroup.org/about/security/" ,
"source" : "cret@cert.org" ,
"tags" : [
"Vendor Advisory"
]
} ,
{
"url" : "https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf" ,
"source" : "cret@cert.org" ,
"tags" : [
"Vendor Advisory"
]
2024-12-08 03:06:42 +00:00
} ,
{
"url" : "https://kb.cert.org/vuls/id/782720" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Third Party Advisory" ,
"US Government Resource"
]
} ,
{
"url" : "https://trustedcomputinggroup.org/about/security/" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Vendor Advisory"
]
} ,
{
"url" : "https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Vendor Advisory"
]
2023-04-24 12:24:31 +02:00
}
]
}
