How severe is CVE-2019-18673?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2019-18673?

This is classified as CWE-203, which is a common weakness in software security.

CVE-2019-18673

MEDIUM Year: 2019

CVSS v3 Score

4.6

Medium

CVSS v2 Score

1.9

Low

Weakness Type

CWE-203

View all →

Vulnerability Description

On SHIFT BitBox02 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial recovery of display contents. For example, a hardware implant in the USB cable might be able to leverage this behavior to recover confidential secrets such as the PIN and BIP39 mnemonic. Note: BIP39 secrets are not displayed by default on this device. The side channel is relevant only if the attacker has enough control over the device's USB connection to make power-consumption measurements at a time when secret data is displayed. The side channel is not relevant in other circumstances, such as a stolen device that is not currently displaying secret data.

CVE-2019-14358

MEDIUM

CVSS:4.6(Medium)

On Archos Safe-T devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowing a partial...

CWE-2032019

CVE-2019-14360

MEDIUM

CVSS:4.6(Medium)

On Hyundai Pay Kasse HK-1000 devices, a side channel for the row-based OLED display was found. The power consumption of each row-based display cycle depends on the number of illuminated pixels, allowi...

CWE-2032019

CVE-2022-45163

MEDIUM

CVSS:4.6(Medium)

An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX ...

CWE-2032022

CVE-2018-0495

MEDIUM

CVSS:4.7(Medium)

Libgcrypt before 1.7.10 and 1.8.x before 1.8.3 allows a memory-cache side-channel attack on ECDSA signatures that can be mitigated through the use of blinding during the signing process in the _gcry_e...

CWE-2032018

CVE-2018-16868

MEDIUM

CVSS:4.7(Medium)

A Bleichenbacher type side-channel based padding oracle attack was found in the way gnutls handles verification of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run process on the same ph...

CWE-2032018

CVE-2018-16869

MEDIUM

CVSS:4.7(Medium)

A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. An attacker who is able to run a process on the ...

CWE-2032018

CVE-2019-18673

Vulnerability Description

Related Vulnerabilities

CVE-2019-14358

CVE-2019-14360

CVE-2022-45163

CVE-2018-0495

CVE-2018-16868

CVE-2018-16869