What is the CVSS score of CVE-2023-20599?

CVE-2023-20599 has a CVSS 3.1 base score of 7.9 (High). CVSS vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N. EPSS exploitation probability: 0.0%.

Which versions of ASP are affected by CVE-2023-20599?

CVE-2023-20599 poses a HIGH risk to organizations using AMD EPYC processors, as a privileged attacker could exploit improper register access controls to compromise cryptographic keys stored in the…

How to fix or mitigate CVE-2023-20599?

Within 24 hours: Inventory all systems running affected AMD EPYC processors and identify those handling sensitive cryptographic operations or data. Within 7 days: Implement network segmentation to restrict privileged access and audit administrator accounts for unauthorized activity; contact AMD and your hardware vendor for guidance on microcode patches and firmware updates. Within 30 days: Deploy any available firmware/microcode updates from your system vendor; conduct a cryptographic key rotation for systems that may have been exposed; perform forensic analysis on privileged access logs to detect potential exploitation.

ASP CVE-2023-20599

EUVD-2023-24778 HIGH

Improper Access Control for Register Interface (CWE-1262)

2025-06-10 psirt@amd.com

Privilege Escalation Information Disclosure

7.9

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Lifecycle Timeline

EUVD ID Assigned

Mar 14, 2026 - 19:49 euvd

EUVD-2023-24778

Analysis Generated

Mar 14, 2026 - 19:49 vuln.today

CVE Published

Jun 10, 2025 - 17:17 nvd

HIGH 7.9

DescriptionNVD

Improper register access control in ASP may allow a privileged attacker to perform unauthorized access to ASP’s Crypto Co-Processor (CCP) registers from x86 resulting in potential loss of control of cryptographic key pointer/index leading to loss of integrity or confidentiality.

AnalysisAI

CVE-2023-20599 is an improper register access control vulnerability in AMD's ASP (AMD Secure Processor) that allows a privileged local attacker to gain unauthorized access to the Crypto Co-Processor (CCP) registers, potentially compromising cryptographic key management and leading to loss of confidentiality or integrity. The vulnerability affects AMD EPYC and Ryzen processors with ASP implementations. While the CVSS score of 7.9 indicates high severity, exploitation requires high privilege level (PR:H) and local access (AV:L), limiting real-world attack surface; however, this is an actively tracked vulnerability relevant to data center and workstation security.

Technical ContextAI

The vulnerability exists in AMD's ASP (AMD Secure Processor), a dedicated security coprocessor integrated into AMD EPYC and Ryzen processors. The ASP manages the Crypto Co-Processor (CCP), which handles cryptographic operations including key storage and management. CWE-1262 (Improper Access Control to Register Interface) describes the root cause: inadequate access controls on memory-mapped or hardware registers that should restrict access to privileged operations. An attacker with high-level privileges can access CCP registers that should be protected, potentially reading or modifying cryptographic key pointers and indices. The vulnerability stems from insufficient validation or enforcement of access control policies at the register interface level, allowing register operations that bypass intended security boundaries. This affects the hardware abstraction layer and firmware that manages CCP resource access across privilege levels.

RemediationAI

Remediation consists of three components: (1) Microcode updates: AMD released processor microcode patches that implement proper register access controls for CCP operations; apply via firmware/BIOS updates from the processor vendor. (2) BIOS/UEFI firmware updates: OEMs (Dell, HPE, Lenovo, Supermicro) released BIOS updates incorporating the patched microcode; check vendor support pages for affected server/workstation models and download the latest BIOS revision. (3) Administrative controls: Limit high-privilege access (root/SYSTEM) to trusted users and processes; implement PAM/SELinux policies to restrict operations that could access privileged register interfaces; monitor for unusual privileged process behavior. For affected EPYC systems: Check AMD EPYC Security Update advisories and OEM-specific bulletins (Dell, HPE, Lenovo) for patched BIOS versions. For Ryzen systems: Update BIOS through the manufacturer (ASUS, MSI, Gigabyte for workstations/consumer boards) to the latest version incorporating the security patch. No workarounds exist beyond patching and access control; this is a hardware/firmware issue requiring updates.

CVE-2023-20599 vulnerability details – vuln.today

Back

ASP CVE-2023-20599

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code