Vulnerability Details : CVE-2021-45454

Ampere Altra before SRP 1.08b and Altra Max? before SRP 2.05 allow information disclosure of power telemetry via HWmon.

Vulnerability category: Information leak

Published 2022-08-17 13:15:08

Updated 2023-03-01 19:01:49

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2021-45454

Probability of exploitation activity in the next 30 days: 0.18%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 55 % EPSS Score History EPSS FAQ

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	[email protected]
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE-668 Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

Assigned by: [email protected] (Primary)

Amperecomputing » Ampere Altra Max Firmware
Versions before (<) 2.05
cpe:2.3:o:amperecomputing:ampere_altra_max_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Amperecomputing » Ampere Altra Max » Version: N/A
Amperecomputing » Ampere Altra Firmware
Versions before (<) 1.08b
cpe:2.3:o:amperecomputing:ampere_altra_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Amperecomputing » Ampere Altra » Version: N/A