How severe is CVE-2019-14358?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2019-14358?

This is classified as CWE-203, which is a common weakness in software security.

CVE-2019-14358

MEDIUM Year: 2019

CVSS v3 Score

4.6

Medium

CVSS v2 Score

1.9

Low

Weakness Type

CWE-203

View all →

Vulnerability Description

On Archos Safe-T devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. In other words, the side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data.

CVE-2019-14360

MEDIUM

CVSS:4.6(Medium)

On Hyundai Pay Kasse HK-1000 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowi...

CWE-2032019

CVE-2019-18673

MEDIUM

CVSS:4.6(Medium)

On SHIFT BitBox02 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partia...

CWE-2032019

CVE-2022-45163

MEDIUM

CVSS:4.6(Medium)

An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX ...

CWE-2032022

CVE-2018-0495

MEDIUM

CVSS:4.7(Medium)

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_e...

CWE-2032018

CVE-2018-16868

MEDIUM

CVSS:4.7(Medium)

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same ph...

CWE-2032018

CVE-2018-16869

MEDIUM

CVSS:4.7(Medium)

A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the ...

CWE-2032018

CVE-2019-14358

Vulnerability Description

Related Vulnerabilities

CVE-2019-14360

CVE-2019-18673

CVE-2022-45163

CVE-2018-0495

CVE-2018-16868

CVE-2018-16869