How severe is CVE-2019-15809?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.7 out of 10.

What type of vulnerability is CVE-2019-15809?

This is classified as CWE-203, which is a common weakness in software security.

CVE-2019-15809

MEDIUM Year: 2019

CVSS v3 Score

4.7

Medium

CVSS v2 Score

1.2

Low

Weakness Type

CWE-203

View all →

Vulnerability Description

Smart cards from the Athena SCS manufacturer, based on the Atmel Toolbox 00.03.11.05 and the AT90SC chip, contain a timing side channel in ECDSA signature generation. This allows a local attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The issue occurs because the Atmel Toolbox 00.03.11.05 contains two versions of ECDSA signature functions, described as fast and secure, but the affected cards chose to use the fast version, which leaks the bit length of the random nonce via timing. This affects Athena IDProtect 010b.0352.0005, Athena IDProtect 010e.1245.0002, Athena IDProtect 0106.0130.0401, Athena IDProtect 010e.1245.0002, Valid S/A IDflex V 010b.0352.0005, SafeNet eToken 4300 010e.1245.0002, TecSec Armored Card 010e.0264.0001, and TecSec Armored Card 108.0264.0001.

CVE-2018-0495

MEDIUM

CVSS:4.7(Medium)

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_e...

CWE-2032018

CVE-2018-16868

MEDIUM

CVSS:4.7(Medium)

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same ph...

CWE-2032018

CVE-2018-16869

MEDIUM

CVSS:4.7(Medium)

A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the ...

CWE-2032018

CVE-2019-13628

MEDIUM

CVSS:4.7(Medium)

wolfSSL and wolfCrypt 4.0.0 and earlier (when configured without --enable-fpecc, --enable-sp, or --enable-sp-math) contain a timing side channel in ECDSA signature generation. This allows a local atta...

CWE-2032019

CVE-2019-18222

MEDIUM

CVSS:4.7(Medium)

The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recov...

CWE-2032019

CVE-2020-10932

MEDIUM

CVSS:4.7(Medium)

An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reco...

CWE-2032020

CVE-2019-15809

Vulnerability Description

Related Vulnerabilities

CVE-2018-0495

CVE-2018-16868

CVE-2018-16869

CVE-2019-13628

CVE-2019-18222

CVE-2020-10932