CVE-2023-20570

LOW
Published Feb 13, 2024 Modified Mar 22, 2025 CWE-345

Description

Insufficient verification of data authenticity in the configuration state machine may allow a local attacker to potentially load arbitrary bitstreams.

CVSS v3.1 Score

3.3
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Weakness Type (CWE)

CWE-345 CWE-345

Affected Products

Vendor Product
amd alveo_u50_firmware
amd alveo_u50
amd alveo_u200_firmware
amd alveo_u200
amd alveo_u250_firmware
amd alveo_u250
amd alveo_u280_firmware
amd alveo_u280
amd kintex_ultrascale\+_ku3p_firmware
amd kintex_ultrascale\+_ku3p
amd kintex_ultrascale\+_ku5p_firmware
amd kintex_ultrascale\+_ku5p
amd kintex_ultrascale\+_ku9p_firmware
amd kintex_ultrascale\+_ku9p
amd kintex_ultrascale\+_ku11p_firmware
amd kintex_ultrascale\+_ku11p
amd kintex_ultrascale\+_ku13p_firmware
amd kintex_ultrascale\+_ku13p
amd kintex_ultrascale\+_ku15p_firmware
amd kintex_ultrascale\+_ku15p
amd kintex_ultrascale\+_ku19p_firmware
amd kintex_ultrascale\+_ku19p
amd kintex_ultrascale_ku025_firmware
amd kintex_ultrascale_ku025
amd kintex_ultrascale_ku035_firmware
amd kintex_ultrascale_ku035
amd kintex_ultrascale_ku040_firmware
amd kintex_ultrascale_ku040
amd kintex_ultrascale_ku060_firmware
amd kintex_ultrascale_ku060
amd kintex_ultrascale_ku085_firmware
amd kintex_ultrascale_ku085
amd kintex_ultrascale_ku095_firmware
amd kintex_ultrascale_ku095
amd kintex_ultrascale_ku115_firmware
amd kintex_ultrascale_ku115
amd virtex_ultrascale_xcvu065_firmware
amd virtex_ultrascale_xcvu065
amd virtex_ultrascale_xcvu080_firmware
amd virtex_ultrascale_xcvu080
amd virtex_ultrascale_xcvu095_firmware
amd virtex_ultrascale_xcvu095
amd virtex_ultrascale_xcvu125_firmware
amd virtex_ultrascale_xcvu125
amd virtex_ultrascale_xcvu160_firmware
amd virtex_ultrascale_xcvu160
amd virtex_ultrascale_xcvu190_firmware
amd virtex_ultrascale_xcvu190
amd virtex_ultrascale_xcvu440_firmware
amd virtex_ultrascale_xcvu440
amd virtex_ultrascale\+_vu3p_firmware
amd virtex_ultrascale\+_vu3p
amd virtex_ultrascale\+_vu5p_firmware
amd virtex_ultrascale\+_vu5p
amd virtex_ultrascale\+_vu7p_firmware
amd virtex_ultrascale\+_vu7p
amd virtex_ultrascale\+_vu9p_firmware
amd virtex_ultrascale\+_vu9p
amd virtex_ultrascale\+_vu11p_firmware
amd virtex_ultrascale\+_vu11p
amd virtex_ultrascale\+_vu13p_firmware
amd virtex_ultrascale\+_vu13p
amd virtex_ultrascale\+_vu19p_firmware
amd virtex_ultrascale\+_vu19p
amd virtex_ultrascale\+_vu23p_firmware
amd virtex_ultrascale\+_vu23p
amd virtex_ultrascale\+_vu27p_firmware
amd virtex_ultrascale\+_vu27p
amd virtex_ultrascale\+_vu29p_firmware
amd virtex_ultrascale\+_vu29p
amd virtex_ultrascale\+_vu31p_firmware
amd virtex_ultrascale\+_vu31p
amd virtex_ultrascale\+_vu33p_firmware
amd virtex_ultrascale\+_vu33p
amd virtex_ultrascale\+_vu35p_firmware
amd virtex_ultrascale\+_vu35p
amd virtex_ultrascale\+_vu37p_firmware
amd virtex_ultrascale\+_vu37p
amd virtex_ultrascale\+_vu45p_firmware
amd virtex_ultrascale\+_vu45p
amd virtex_ultrascale\+_vu47p_firmware
amd virtex_ultrascale\+_vu47p
amd virtex_ultrascale\+_vu57p_firmware
amd virtex_ultrascale\+_vu57p
amd artix_ultrascale\+_au7p_firmware
amd artix_ultrascale\+_au7p
amd artix_ultrascale\+_au10p_firmware
amd artix_ultrascale\+_au10p
amd artix_ultrascale\+_au15p_firmware
amd artix_ultrascale\+_au15p
amd artix_ultrascale\+_au20p_firmware
amd artix_ultrascale\+_au20p
amd artix_ultrascale\+_au25p_firmware
amd artix_ultrascale\+_au25p

References

Frequently Asked Questions

What is CVE-2023-20570? +
Insufficient verification of data authenticity in the configuration state machine may allow a local attacker to potentially load arbitrary bitstreams. It has a CVSS v3.1 base score of 3.3 (LOW).
How severe is CVE-2023-20570? +
CVE-2023-20570 has a CVSS v3.1 score of 3.3 out of 10, rated LOW. This is a low-severity vulnerability with limited impact.
What products are affected by CVE-2023-20570? +
CVE-2023-20570 affects products from amd, specifically: alveo_u200, alveo_u200_firmware, alveo_u250, alveo_u250_firmware, alveo_u280, alveo_u280_firmware, alveo_u50, alveo_u50_firmware, artix_ultrascale\+_au10p, artix_ultrascale\+_au10p_firmware, artix_ultrascale\+_au15p, artix_ultrascale\+_au15p_firmware, artix_ultrascale\+_au20p, artix_ultrascale\+_au20p_firmware, artix_ultrascale\+_au25p, artix_ultrascale\+_au25p_firmware, artix_ultrascale\+_au7p, artix_ultrascale\+_au7p_firmware, kintex_ultrascale\+_ku11p, kintex_ultrascale\+_ku11p_firmware, kintex_ultrascale\+_ku13p, kintex_ultrascale\+_ku13p_firmware, kintex_ultrascale\+_ku15p, kintex_ultrascale\+_ku15p_firmware, kintex_ultrascale\+_ku19p, kintex_ultrascale\+_ku19p_firmware, kintex_ultrascale\+_ku3p, kintex_ultrascale\+_ku3p_firmware, kintex_ultrascale\+_ku5p, kintex_ultrascale\+_ku5p_firmware, kintex_ultrascale\+_ku9p, kintex_ultrascale\+_ku9p_firmware, kintex_ultrascale_ku025, kintex_ultrascale_ku025_firmware, kintex_ultrascale_ku035, kintex_ultrascale_ku035_firmware, kintex_ultrascale_ku040, kintex_ultrascale_ku040_firmware, kintex_ultrascale_ku060, kintex_ultrascale_ku060_firmware, kintex_ultrascale_ku085, kintex_ultrascale_ku085_firmware, kintex_ultrascale_ku095, kintex_ultrascale_ku095_firmware, kintex_ultrascale_ku115, kintex_ultrascale_ku115_firmware, virtex_ultrascale\+_vu11p, virtex_ultrascale\+_vu11p_firmware, virtex_ultrascale\+_vu13p, virtex_ultrascale\+_vu13p_firmware, virtex_ultrascale\+_vu19p, virtex_ultrascale\+_vu19p_firmware, virtex_ultrascale\+_vu23p, virtex_ultrascale\+_vu23p_firmware, virtex_ultrascale\+_vu27p, virtex_ultrascale\+_vu27p_firmware, virtex_ultrascale\+_vu29p, virtex_ultrascale\+_vu29p_firmware, virtex_ultrascale\+_vu31p, virtex_ultrascale\+_vu31p_firmware, virtex_ultrascale\+_vu33p, virtex_ultrascale\+_vu33p_firmware, virtex_ultrascale\+_vu35p, virtex_ultrascale\+_vu35p_firmware, virtex_ultrascale\+_vu37p, virtex_ultrascale\+_vu37p_firmware, virtex_ultrascale\+_vu3p, virtex_ultrascale\+_vu3p_firmware, virtex_ultrascale\+_vu45p, virtex_ultrascale\+_vu45p_firmware, virtex_ultrascale\+_vu47p, virtex_ultrascale\+_vu47p_firmware, virtex_ultrascale\+_vu57p, virtex_ultrascale\+_vu57p_firmware, virtex_ultrascale\+_vu5p, virtex_ultrascale\+_vu5p_firmware, virtex_ultrascale\+_vu7p, virtex_ultrascale\+_vu7p_firmware, virtex_ultrascale\+_vu9p, virtex_ultrascale\+_vu9p_firmware, virtex_ultrascale_xcvu065, virtex_ultrascale_xcvu065_firmware, virtex_ultrascale_xcvu080, virtex_ultrascale_xcvu080_firmware, virtex_ultrascale_xcvu095, virtex_ultrascale_xcvu095_firmware, virtex_ultrascale_xcvu125, virtex_ultrascale_xcvu125_firmware, virtex_ultrascale_xcvu160, virtex_ultrascale_xcvu160_firmware, virtex_ultrascale_xcvu190, virtex_ultrascale_xcvu190_firmware, virtex_ultrascale_xcvu440, virtex_ultrascale_xcvu440_firmware. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2023-20570? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2023-20570 — free, no signup required.

Start Free Scan