Skip to main content

AMD Optional Tools CVE-2026-40677

| EUVDEUVD-2026-36488 HIGH
Reliance on HTTP instead of HTTPS (CWE-1428)
2026-06-12 AMD GHSA-7w59-qfq7-wqw6
7.7
CVSS 4.0 · Vendor: AMD
Share

Severity by source

Vendor (AMD) PRIMARY
7.7 HIGH
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.5 HIGH

Network-reachable but requires an in-path MitM (AC:H) and the user must run the tool (UI:R); no auth needed (PR:N) and successful RCE compromises C/I/A fully.

3.1 AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (AMD).

CVSS VectorVendor: AMD

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 12, 2026 - 16:16 vuln.today

DescriptionCVE.org

The use of insecure HTTP transport within AMD optional tools could allow an attacker to conduct a man-in-the-middle attack, potentially leading to arbitrary code execution.

AnalysisAI

Man-in-the-middle attacks against AMD's optional desktop tools - AMD Management Console (AMC), AMD Ryzen Master, and AMD μProf - can lead to arbitrary code execution because the affected utilities transport data over plaintext HTTP rather than TLS. An attacker positioned on the network path between a victim workstation and the AMD endpoint can tamper with traffic (most plausibly update or telemetry channels) to substitute malicious content that is then executed by the tool. No public exploit identified at time of analysis and the issue is not in CISA KEV; EPSS data was not provided.

Technical ContextAI

The flaw is rooted in CWE-1428 (use of an insecure transport / reliance on HTTP instead of HTTPS), meaning one or more network calls performed by the tools are not protected by certificate-validated TLS. The affected products per the CPE data are AMD Management Console (cpe:2.3:a:amd:amd_management_console_(amc)), AMD Ryzen Master (cpe:2.3:a:amd:amd_ryzen™_master) and AMD μProf (cpe:2.3:a:amd:amd_µprof) - all Windows-side companion utilities that talk back to AMD-hosted services for updates, profiling assets, or telemetry. When such a client trusts the integrity of an unauthenticated HTTP channel for code, scripts, libraries, or installer payloads, an in-path attacker can swap the response and turn a benign download into native code execution in the user's session.

RemediationAI

Patch available per vendor advisory: update AMD Management Console, AMD Ryzen Master, and AMD μProf to the versions listed in AMD-SB-9027 (https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9027.html) - exact fix versions are not included in this dataset and should be taken directly from that bulletin. Until patching, uninstall the optional tools from systems that do not actively need them (none are required for CPU operation), and instruct users not to run AMC/Ryzen Master/μProf while connected to untrusted networks such as public Wi-Fi or shared hotel/conference LANs; route required usage through a trusted VPN so the HTTP traffic cannot be intercepted on the local segment. Egress filtering or HTTPS-only proxies can also block the cleartext fetches, with the side effect of breaking any tool feature (update check, telemetry, asset download) that depends on the insecure endpoint.

Share

CVE-2026-40677 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy