Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-15361 (GCVE-0-2017-15361)
Vulnerability from cvelistv5 – Published: 2017-10-16 17:00 – Updated: 2024-08-05 19:57
VLAI?
EPSS
Summary
The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:57:25.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.cr.yp.to/20171105-infineon.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03801en_us"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://monitor.certipath.com/rsatest"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crocs.fi.muni.cz/public/papers/rsa_ccs17"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.lenovo.com/us/en/product_security/LEN-15552"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171024-0001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/iadgov/Detect-CVE-2017-15361-TPM"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html"
},
{
"name": "VU#307015",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/307015"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/crocs-muni/roca"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03789en_us"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.yubico.com/support/security-advisories/ysa-2017-01/"
},
{
"name": "101484",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101484"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://keychest.net/roca"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-14T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.cr.yp.to/20171105-infineon.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03801en_us"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://monitor.certipath.com/rsatest"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crocs.fi.muni.cz/public/papers/rsa_ccs17"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.lenovo.com/us/en/product_security/LEN-15552"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171024-0001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/iadgov/Detect-CVE-2017-15361-TPM"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html"
},
{
"name": "VU#307015",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/307015"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/crocs-muni/roca"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03789en_us"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.yubico.com/support/security-advisories/ysa-2017-01/"
},
{
"name": "101484",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101484"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://keychest.net/roca"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160",
"refsource": "MISC",
"url": "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160"
},
{
"name": "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/",
"refsource": "MISC",
"url": "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/"
},
{
"name": "https://blog.cr.yp.to/20171105-infineon.html",
"refsource": "MISC",
"url": "https://blog.cr.yp.to/20171105-infineon.html"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03801en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03801en_us"
},
{
"name": "https://monitor.certipath.com/rsatest",
"refsource": "MISC",
"url": "https://monitor.certipath.com/rsatest"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012"
},
{
"name": "https://crocs.fi.muni.cz/public/papers/rsa_ccs17",
"refsource": "MISC",
"url": "https://crocs.fi.muni.cz/public/papers/rsa_ccs17"
},
{
"name": "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/",
"refsource": "MISC",
"url": "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/"
},
{
"name": "http://support.lenovo.com/us/en/product_security/LEN-15552",
"refsource": "CONFIRM",
"url": "http://support.lenovo.com/us/en/product_security/LEN-15552"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171024-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171024-0001/"
},
{
"name": "https://github.com/iadgov/Detect-CVE-2017-15361-TPM",
"refsource": "MISC",
"url": "https://github.com/iadgov/Detect-CVE-2017-15361-TPM"
},
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html"
},
{
"name": "VU#307015",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/307015"
},
{
"name": "https://github.com/crocs-muni/roca",
"refsource": "MISC",
"url": "https://github.com/crocs-muni/roca"
},
{
"name": "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update",
"refsource": "MISC",
"url": "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03789en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03789en_us"
},
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html"
},
{
"name": "https://www.yubico.com/support/security-advisories/ysa-2017-01/",
"refsource": "CONFIRM",
"url": "https://www.yubico.com/support/security-advisories/ysa-2017-01/"
},
{
"name": "101484",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101484"
},
{
"name": "https://keychest.net/roca",
"refsource": "MISC",
"url": "https://keychest.net/roca"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15361",
"datePublished": "2017-10-16T17:00:00.000Z",
"dateReserved": "2017-10-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:57:25.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CNVD-2017-33657
Vulnerability from cnvd - Published: 2017-11-13
VLAI Severity ?
Title
Infineon RSA Library加密安全绕过漏洞
Description
Infineon Trusted Platform Module(TPM)是德国英飞凌(Infineon)科技公司的一款数据加密芯片。Infineon RSA library是其中的一个加密库。
Infineon TPM中的Infineon RSA库1.02.013版本中存在安全漏洞,该漏洞未能正确的处理RSA密钥的生成。攻击者可利用该漏洞破坏加密保护机制。
Severity
中
Patch Name
Infineon RSA Library加密安全绕过漏洞的补丁
Patch Description
Infineon Trusted Platform Module(TPM)是德国英飞凌(Infineon)科技公司的一款数据加密芯片。Infineon RSA library是其中的一个加密库。
Infineon TPM中的Infineon RSA库1.02.013版本中存在安全漏洞,该漏洞未能正确的处理RSA密钥的生成。攻击者可利用该漏洞破坏加密保护机制。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160
Reference
https://nvd.nist.gov/vuln/detail/CVE-2017-15361
Impacted products
| Name | Infineon RSA Library 1.02.013 |
|---|
{
"bids": {
"bid": {
"bidNumber": "101484"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2017-15361"
}
},
"description": "Infineon Trusted Platform Module\uff08TPM\uff09\u662f\u5fb7\u56fd\u82f1\u98de\u51cc\uff08Infineon\uff09\u79d1\u6280\u516c\u53f8\u7684\u4e00\u6b3e\u6570\u636e\u52a0\u5bc6\u82af\u7247\u3002Infineon RSA library\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u52a0\u5bc6\u5e93\u3002\r\n\r\nInfineon TPM\u4e2d\u7684Infineon RSA\u5e931.02.013\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406RSA\u5bc6\u94a5\u7684\u751f\u6210\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7834\u574f\u52a0\u5bc6\u4fdd\u62a4\u673a\u5236\u3002",
"discovererName": "Matus Nemec, Marek Sys, Petr Svenda, Dusan Klinec, and Vashek Matyas.",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-33657",
"openTime": "2017-11-13",
"patchDescription": "Infineon Trusted Platform Module\uff08TPM\uff09\u662f\u5fb7\u56fd\u82f1\u98de\u51cc\uff08Infineon\uff09\u79d1\u6280\u516c\u53f8\u7684\u4e00\u6b3e\u6570\u636e\u52a0\u5bc6\u82af\u7247\u3002Infineon RSA library\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u52a0\u5bc6\u5e93\u3002\r\n\r\nInfineon TPM\u4e2d\u7684Infineon RSA\u5e931.02.013\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406RSA\u5bc6\u94a5\u7684\u751f\u6210\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7834\u574f\u52a0\u5bc6\u4fdd\u62a4\u673a\u5236\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Infineon RSA Library\u52a0\u5bc6\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Infineon RSA Library 1.02.013"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-15361",
"serverity": "\u4e2d",
"submitTime": "2017-10-18",
"title": "Infineon RSA Library\u52a0\u5bc6\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}
CERTFR-2018-AVI-095
Vulnerability from certfr_avis - Published: 2018-02-22 - Updated: 2018-02-22
De multiples vulnérabilités ont été découvertes dans SCADA les produits Siemens . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une exécution de code arbitraire et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Se r\u00e9f\u00e9rer aux avis du constructeur pour les syst\u00e8mes affect\u00e9s (cf. section Documentation)",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-5705",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5705"
},
{
"name": "CVE-2017-5708",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5708"
},
{
"name": "CVE-2017-5710",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5710"
},
{
"name": "CVE-2017-5754",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5754"
},
{
"name": "CVE-2017-5706",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5706"
},
{
"name": "CVE-2017-5753",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5753"
},
{
"name": "CVE-2017-5712",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5712"
},
{
"name": "CVE-2017-5707",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5707"
},
{
"name": "CVE-2017-5715",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5715"
},
{
"name": "CVE-2017-15361",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15361"
},
{
"name": "CVE-2017-5709",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5709"
},
{
"name": "CVE-2017-5711",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5711"
}
],
"initial_release_date": "2018-02-22T00:00:00",
"last_revision_date": "2018-02-22T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-095",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-02-22T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans SCADA les produits\nSiemens . Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, une ex\u00e9cution de code\narbitraire et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans SCADA les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SCADA Siemens ssa-470231 du 22 f\u00e9vrier 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SCADA Siemens ssa-168644 du 22 f\u00e9vrier 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-168644.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 SCADA Siemens ssa-892715 du 22 f\u00e9vrier 2018",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-892715.pdf"
}
]
}
CERTFR-2018-AVI-432
Vulnerability from certfr_avis - Published: 2018-09-12 - Updated: 2018-09-12
De multiples vulnérabilités ont été découvertes dans les produits Intel. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Intel | N/A | Intel Data Center manager versions antérieures à 5.1 | ||
| Intel | N/A | Intel Centrino Wireless-N 135 | ||
| Intel | N/A | Processeur de la famille Intel Core de 6ème génération avec un microgiciel (CSME) antérieure à 11.8.55 | ||
| Intel | N/A | Intel NUC Kit NUC7i3DNHE | ||
| Intel | N/A | Intel Compute Card CD1P64GK | ||
| Intel | N/A | Processeur Intel Core X-Series avec un microgiciel (CSME) antérieure à 11.11.55 | ||
| Intel | N/A | Intel IoT Developers Kit versions 4.0 et antérieures | ||
| Intel | N/A | Intel NUC Kit NUC8i7HNK | ||
| Intel | N/A | Intel Server Board S2600BP (Purley) | ||
| Intel | N/A | Intel Computing Improvement Program versions antérieures à 2.2.0.03942 | ||
| Intel | N/A | Intel NUC Kit NUC7i7BNH | ||
| Intel | N/A | Intel NUC Kit NUC5PGYH | ||
| Intel | N/A | Intel Compute Stick STCK1A32WFC | ||
| Intel | N/A | Intel Centrino Wireless-N 1030 | ||
| Intel | N/A | Processeur Intel Xeon Scalable avec un microgiciel (CSME) antérieure à 11.21.55 | ||
| Intel | N/A | Intel Compute Card CD1M3128MK | ||
| Intel | N/A | Intel ME versions antérieures à 10.0.60 | ||
| Intel | N/A | Intel NUC Kit NUC7i7DNKE | ||
| Intel | N/A | Intel ME versions antérieures à 9.1.45 | ||
| Intel | N/A | Intel CSME versions antérieures à 11.11.55 | ||
| Intel | N/A | Intel Server Platform Service microgiciel antérieures à SPS_SoC-X_04.00.04.077.0 | ||
| Intel | N/A | Intel Centrino Wireless-N 130 | ||
| Intel | N/A | Intel Server Board S2600WF | ||
| Intel | N/A | Processeur Intel Xeon W avec un microgiciel (CSME) antérieure à 11.11.55 | ||
| Intel | N/A | Processeur Intel QuickAssist Adapter 8960/8970 Products avec un microgiciel antérieure à 4.x.05 | ||
| Intel | N/A | Intel Compute Stick STK1AW32SC | ||
| Intel | N/A | Intel Server Board S2600TP (Grantley) | ||
| Intel | N/A | Processeur Intel Xeon E3-1200/1500 v5 avec un microgiciel (CSME) antérieure à 11.8.55 | ||
| Intel | N/A | Intel Server Platform Service microgiciel antérieures à SPS_E5_04.00.04.381.0 | ||
| Intel | N/A | Intel NUC Kit NUC5CPYH | ||
| Intel | N/A | Intel NUC Kit D54250WYB | ||
| Intel | N/A | Intel Trusted Execution Engine (TXE) versions antérieures à 4.0.5 | ||
| Intel | N/A | Intel Distribution pour Python 2018 téléchargé avant le 6 août 2018 | ||
| Intel | N/A | Intel CSME versions antérieures à 12.0.6 | ||
| Intel | N/A | Intel NUC Kit NUC6i5SYH | ||
| Intel | N/A | Processeur Intel C620 Series Chipset Family (PCIe End Point Mode) avec un microgiciel antérieure à 4.00.04.381.0 | ||
| Intel | N/A | Intel NUC Kit NUC6CAYS | ||
| Intel | N/A | Intel NUC Kit NUC7CJYH | ||
| Intel | N/A | Intel Centrino Advanced-N 6230 | ||
| Intel | N/A | Intel NUC Kit NUC7i5DNKE | ||
| Intel | N/A | Intel NUC Kit NUC5i5MYHE | ||
| Intel | N/A | Intel NUC Kit NUC5i7RYH | ||
| Intel | N/A | Processeur de la famille Intel Core de 8ème génération avec un microgiciel (CSME) antérieure à 12.0.6 | ||
| Intel | N/A | Intel Centrino Wireless-N 2230 | ||
| Intel | N/A | Intel NUC Kit NUC5i3MYHE | ||
| Intel | N/A | Processeur Intel Xeon E3-1200/1500 v6 avec un microgiciel (CSME) antérieure à 11.8.55 | ||
| Intel | N/A | Intel Server Platform Service microgiciel antérieures à SPS_SoC-A_04.00.04.177.0 | ||
| Intel | N/A | Intel NUC Kit NUC6i7KYK | ||
| Intel | N/A | Intel NUC Kit D33217GKE | ||
| Intel | N/A | Processeur Intel Xeon D-2100 Family Platform avec un microgiciel antérieure à 4.00.04.077.0 | ||
| Intel | N/A | Intel ME versions antérieures à 9.5.65 | ||
| Intel | N/A | Intel NUC Kit DE3815TYBE | ||
| Intel | N/A | Intel CSME versions antérieures à 11.8.55 | ||
| Intel | N/A | Intel Server Board S2600WT (Grantley) | ||
| Intel | N/A | Intel Server Board S2600ST | ||
| Intel | N/A | Intel Data Migration Software versions 3.1 et antérieures | ||
| Intel | N/A | Intel Compute Stick STK2mv64CC | ||
| Intel | N/A | Processeur Intel Xeon Scalable Family Platforms avec un microgiciel antérieure à 4.00.04.381.0 | ||
| Intel | N/A | Intel NUC Kit D53427RKE | ||
| Intel | N/A | Intel Compute Card CD1IV128MK | ||
| Intel | N/A | Intel Trusted Execution Engine (TXE) versions antérieures à 3.1.55 | ||
| Intel | N/A | Outil de détection pour la vulnérabilité Intel-SA-00086 en version antérieure à 1.2.7.0 | ||
| Intel | N/A | Intel Centrino Advanced-N 6235 | ||
| Intel | N/A | Intel Extreme Tuning Utility versions antérieures à 6.4.1.23. | ||
| Intel | N/A | Processeur de la famille Intel Core de 7ème génération avec un microgiciel (CSME) antérieure à 11.8.55 | ||
| Intel | N/A | Intel CSME versions antérieures à 11.21.55 | ||
| Intel | N/A | Processeur Intel Atom C3000 Series Platform avec un microgiciel antérieure à 4.00.04.177.0 | ||
| Intel | N/A | Intel NUC Kit DN2820FYKH | ||
| Intel | N/A | Intel OpenVINO Toolkit pour Windows versions 2018.1.265 et antérieures | ||
| Intel | N/A | Intel Compute Stick STK2m3W64CC | ||
| Intel | N/A | Intel Driver & Support Assistant versions antérieures à 3.5.0.1 |
References
| Title | Publication Time | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Intel Data Center manager versions ant\u00e9rieures \u00e0 5.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Centrino Wireless-N 135",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur de la famille Intel Core de 6\u00e8me g\u00e9n\u00e9ration avec un microgiciel (CSME) ant\u00e9rieure \u00e0 11.8.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC7i3DNHE",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Compute Card CD1P64GK",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel Core X-Series avec un microgiciel (CSME) ant\u00e9rieure \u00e0 11.11.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel IoT Developers Kit versions 4.0 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC8i7HNK",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server Board S2600BP (Purley)",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Computing Improvement Program versions ant\u00e9rieures \u00e0 2.2.0.03942",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC7i7BNH",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC5PGYH",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Compute Stick STCK1A32WFC",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Centrino Wireless-N 1030",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel Xeon Scalable avec un microgiciel (CSME) ant\u00e9rieure \u00e0 11.21.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Compute Card CD1M3128MK",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel ME versions ant\u00e9rieures \u00e0 10.0.60",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC7i7DNKE",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel ME versions ant\u00e9rieures \u00e0 9.1.45",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel CSME versions ant\u00e9rieures \u00e0 11.11.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server Platform Service microgiciel ant\u00e9rieures \u00e0 SPS_SoC-X_04.00.04.077.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Centrino Wireless-N 130",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server Board S2600WF",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel Xeon W avec un microgiciel (CSME) ant\u00e9rieure \u00e0 11.11.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel QuickAssist Adapter 8960/8970 Products avec un microgiciel ant\u00e9rieure \u00e0 4.x.05",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Compute Stick STK1AW32SC",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server Board S2600TP (Grantley)",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel Xeon E3-1200/1500 v5 avec un microgiciel (CSME) ant\u00e9rieure \u00e0 11.8.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server Platform Service microgiciel ant\u00e9rieures \u00e0 SPS_E5_04.00.04.381.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC5CPYH",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit D54250WYB",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Trusted Execution Engine (TXE) versions ant\u00e9rieures \u00e0 4.0.5",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Distribution pour Python 2018 t\u00e9l\u00e9charg\u00e9 avant le 6 ao\u00fbt 2018",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel CSME versions ant\u00e9rieures \u00e0 12.0.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC6i5SYH",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel C620 Series Chipset Family (PCIe End Point Mode) avec un microgiciel ant\u00e9rieure \u00e0 4.00.04.381.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC6CAYS",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC7CJYH",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Centrino Advanced-N 6230",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC7i5DNKE",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC5i5MYHE",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC5i7RYH",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur de la famille Intel Core de 8\u00e8me g\u00e9n\u00e9ration avec un microgiciel (CSME) ant\u00e9rieure \u00e0 12.0.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Centrino Wireless-N 2230",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC5i3MYHE",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel Xeon E3-1200/1500 v6 avec un microgiciel (CSME) ant\u00e9rieure \u00e0 11.8.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server Platform Service microgiciel ant\u00e9rieures \u00e0 SPS_SoC-A_04.00.04.177.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit NUC6i7KYK",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit D33217GKE",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel Xeon D-2100 Family Platform avec un microgiciel ant\u00e9rieure \u00e0 4.00.04.077.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel ME versions ant\u00e9rieures \u00e0 9.5.65",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit DE3815TYBE",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel CSME versions ant\u00e9rieures \u00e0 11.8.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server Board S2600WT (Grantley)",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Server Board S2600ST",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Data Migration Software versions 3.1 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Compute Stick STK2mv64CC",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel Xeon Scalable Family Platforms avec un microgiciel ant\u00e9rieure \u00e0 4.00.04.381.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit D53427RKE",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Compute Card CD1IV128MK",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Trusted Execution Engine (TXE) versions ant\u00e9rieures \u00e0 3.1.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Outil de d\u00e9tection pour la vuln\u00e9rabilit\u00e9 Intel-SA-00086 en version ant\u00e9rieure \u00e0 1.2.7.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Centrino Advanced-N 6235",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Extreme Tuning Utility versions ant\u00e9rieures \u00e0 6.4.1.23.",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur de la famille Intel Core de 7\u00e8me g\u00e9n\u00e9ration avec un microgiciel (CSME) ant\u00e9rieure \u00e0 11.8.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel CSME versions ant\u00e9rieures \u00e0 11.21.55",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Processeur Intel Atom C3000 Series Platform avec un microgiciel ant\u00e9rieure \u00e0 4.00.04.177.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel NUC Kit DN2820FYKH",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel OpenVINO Toolkit pour Windows versions 2018.1.265 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Compute Stick STK2m3W64CC",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
},
{
"description": "Intel Driver \u0026 Support Assistant versions ant\u00e9rieures \u00e0 3.5.0.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Intel",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-12162",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12162"
},
{
"name": "CVE-2018-3655",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3655"
},
{
"name": "CVE-2018-12160",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12160"
},
{
"name": "CVE-2018-3657",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3657"
},
{
"name": "CVE-2018-3669",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3669"
},
{
"name": "CVE-2018-12151",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12151"
},
{
"name": "CVE-2018-12148",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12148"
},
{
"name": "CVE-2018-12149",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12149"
},
{
"name": "CVE-2018-12176",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12176"
},
{
"name": "CVE-2018-3659",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3659"
},
{
"name": "CVE-2018-12171",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12171"
},
{
"name": "CVE-2018-3658",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3658"
},
{
"name": "CVE-2018-3643",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3643"
},
{
"name": "CVE-2018-12175",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12175"
},
{
"name": "CVE-2018-3616",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3616"
},
{
"name": "CVE-2017-15361",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15361"
},
{
"name": "CVE-2018-12150",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12150"
},
{
"name": "CVE-2018-12163",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12163"
},
{
"name": "CVE-2018-3686",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3686"
},
{
"name": "CVE-2018-3679",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3679"
}
],
"initial_release_date": "2018-09-12T00:00:00",
"last_revision_date": "2018-09-12T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-432",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-09-12T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Intel.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Intel",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00119 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00119.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00125 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00125.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00162 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00162.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00181 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00181.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00149 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00149.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00148 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00141 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00141.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00173 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00173.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00177 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00177.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00165 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00165.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00170 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00170.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00172 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00172.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00142 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00142.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00176 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00176.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00143 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00143.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Intel INTEL-SA-00131 du 11 septembre 2018",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00131.html"
}
]
}
CERTFR-2017-ALE-015
Vulnerability from certfr_alerte - Published: 2017-10-16 - Updated: 2017-10-17
Le 16 octobre 2017, des chercheurs de l'université Masaryk (République Tchèque), ont publié un article sur la découverte d'une vulnérabilité dans la bibliothèque RSA développée par Infineon.
Leurs travaux seront présentés le 2 novembre 2017 à la conférence "ACM Conference on Computer and Communcations Security". D'après les chercheurs, un problème dans la génération du couple clé privée/publique permet de retrouver la clé privée à partir de la clé publique uniquement. Cette attaque est applicable en pratique et peu coûteuse (76\$ pour une clé de 1024 bits et 40300\$ pour une clé de 2048 bits). Les systèmes affectés sont nombreux et comptent notamment des TPMs, des clés de chiffrement Bitlocker, des certificats TLS, des clés PGP ou SSH ou encore des cartes à puce.
Solution
Le CERT-FR recommande l'application des correctifs de sécurité pour les TPM vulnérables ainsi que la génération de nouvelles clés cryptographiques et la révocation des clés précédemment générées.
Les correctifs des micrologiciels des TPM doivent être récupérés auprès du constructeur du système considéré. Un lien vers une liste non-exhaustive de logiciels et matériels impactés est disponible à la section Documentation.
L'ensemble des données chiffrées avec des clés faibles doivent être déchiffrées puis rechiffrées avec de nouvelles clés. Le surchiffrement des données peut être envisagé mais alourdira la manipulation de données chiffrées.
Les données signées avec des clés faibles doivent être signées avec de nouvelles clés.
Chaque infrastructure de gestion de clé doit faire l'objet d'une attention spécifique, pour identifier si les certificats émis sont vulnérables. Dans les environnements Microsoft, l'usage de clés faibles dans un domaine Active Directory ou par Bitlocker conduit à une niveau de sécurité particulièrement bas.
Contournement provisoire
Les chercheurs ont publié sur le site internet github.com un outil permettant de tester si une clé RSA est vulnérable (voir section documentation). L'outil supporte plusieurs formats d'entrée (X509 DER ou PEM, clés SSH, clés PGP...). Le test peut s'effectuer à partir d'une clé privée ou d'une clé publique.
Le CERT-FR recommande de générer de nouvelles paires de clés RSA, de taille minimum 3072 bits, en utilisant des bibliothèques non vulnérables et de révoquer les clés qui auraient pu être générées par cette bibliothèque. Cette taille de clé est recommandée dans l'annexe B1 du RGS.
Plusieurs éditeurs de logiciels utilisant des TPM ont mis en place une solution de contournement, disponible par mise à jour de ces logiciels. De manière générale, ces solutions permettent la génération de clés de manière logicielle à la place de l'utilisation du TPM. Ces solutions ne permettent pas de corriger la faiblesse de clés déjà générées. Seule la mise à jour du micrologiciel du TPM permettra le retour à une situation normale. Dans le cas particulier de Windows, un des correctifs de sécurité d'octobre ajoute une journalisation lors de l'usage d'un TPM vulnérable. Cette possibilité facilite l'identification des matériels vulnérables.
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| N/A | N/A | Bibliothèque RSA Infineon version v1.02.013 | ||
| SolarWinds | Platform | Infineon TPM "Trusted Platform Module" |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Biblioth\u00e8que RSA Infineon version v1.02.013",
"product": {
"name": "N/A",
"vendor": {
"name": "N/A",
"scada": false
}
}
},
{
"description": "Infineon TPM \"Trusted Platform Module\"",
"product": {
"name": "Platform",
"vendor": {
"name": "SolarWinds",
"scada": false
}
}
}
],
"affected_systems_content": null,
"closed_at": "2017-11-27",
"content": "## Solution\n\nLe CERT-FR recommande l\u0027application des correctifs de s\u00e9curit\u00e9 pour les\nTPM vuln\u00e9rables ainsi que la g\u00e9n\u00e9ration de nouvelles cl\u00e9s\ncryptographiques et la r\u00e9vocation des cl\u00e9s pr\u00e9c\u00e9demment g\u00e9n\u00e9r\u00e9es.\n\nLes correctifs des micrologiciels des TPM doivent \u00eatre r\u00e9cup\u00e9r\u00e9s aupr\u00e8s\ndu constructeur du syst\u00e8me consid\u00e9r\u00e9. Un lien vers une liste\nnon-exhaustive de logiciels et mat\u00e9riels impact\u00e9s est disponible \u00e0 la\nsection Documentation.\n\nL\u0027ensemble des donn\u00e9es chiffr\u00e9es avec des cl\u00e9s faibles doivent \u00eatre\nd\u00e9chiffr\u00e9es puis rechiffr\u00e9es avec de nouvelles cl\u00e9s. Le surchiffrement\ndes donn\u00e9es peut \u00eatre envisag\u00e9 mais alourdira la manipulation de donn\u00e9es\nchiffr\u00e9es.\n\nLes donn\u00e9es sign\u00e9es avec des cl\u00e9s faibles doivent \u00eatre sign\u00e9es avec de\nnouvelles cl\u00e9s.\n\nChaque infrastructure de gestion de cl\u00e9 doit faire l\u0027objet d\u0027une\nattention sp\u00e9cifique, pour identifier si les certificats \u00e9mis sont\nvuln\u00e9rables. Dans les environnements Microsoft, l\u0027usage de cl\u00e9s faibles\ndans un domaine *Active Directory* ou par *Bitlocker* conduit \u00e0 une\nniveau de s\u00e9curit\u00e9 particuli\u00e8rement bas.\n\n## Contournement provisoire\n\n\u00a0\n\nLes chercheurs ont publi\u00e9 sur le site internet github.com un outil\npermettant de tester si une cl\u00e9 RSA est vuln\u00e9rable (voir section\ndocumentation). L\u0027outil supporte plusieurs formats d\u0027entr\u00e9e (X509 DER ou\nPEM, cl\u00e9s SSH, cl\u00e9s PGP...). Le test peut s\u0027effectuer \u00e0 partir d\u0027une cl\u00e9\npriv\u00e9e ou d\u0027une cl\u00e9 publique.\n\nLe CERT-FR recommande de g\u00e9n\u00e9rer de nouvelles paires de cl\u00e9s RSA, de\ntaille minimum 3072 bits, en utilisant des biblioth\u00e8ques non vuln\u00e9rables\net de r\u00e9voquer les cl\u00e9s qui auraient pu \u00eatre g\u00e9n\u00e9r\u00e9es par cette\nbiblioth\u00e8que. Cette taille de cl\u00e9 est recommand\u00e9e dans l\u0027annexe B1 du\nRGS.\n\nPlusieurs \u00e9diteurs de logiciels utilisant des TPM ont mis en place une\nsolution de contournement, disponible par mise \u00e0 jour de ces logiciels.\nDe mani\u00e8re g\u00e9n\u00e9rale, ces solutions permettent la g\u00e9n\u00e9ration de cl\u00e9s de\nmani\u00e8re logicielle \u00e0 la place de l\u0027utilisation du TPM. Ces solutions ne\npermettent pas de corriger la faiblesse de cl\u00e9s d\u00e9j\u00e0 g\u00e9n\u00e9r\u00e9es. Seule la\nmise \u00e0 jour du micrologiciel du TPM permettra le retour \u00e0 une situation\nnormale. Dans le cas particulier de Windows, un des correctifs de\ns\u00e9curit\u00e9 d\u0027octobre ajoute une journalisation lors de l\u0027usage d\u0027un TPM\nvuln\u00e9rable. Cette possibilit\u00e9 facilite l\u0027identification des mat\u00e9riels\nvuln\u00e9rables.\n",
"cves": [
{
"name": "CVE-2017-15361",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15361"
}
],
"initial_release_date": "2017-10-16T00:00:00",
"last_revision_date": "2017-10-17T00:00:00",
"links": [
{
"title": "Article de presse d\u0027Ars Technica du 16 octobre 2017",
"url": "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/"
},
{
"title": "Liste des mat\u00e9riels et logiciels vuln\u00e9rables",
"url": "http://www.kb.cert.org/vuls/id/307015"
},
{
"title": "Annexe B1 du RGS",
"url": "https://www.ssi.gouv.fr/uploads/2015/01/RGS_v-2-0_B1.pdf"
},
{
"title": "Cas d\u0027usage dans les environnements Windows, contournements provisoires et d\u00e9finitifs",
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV170012"
},
{
"title": "Outil permettant la d\u00e9tection de cl\u00e9s vuln\u00e9rables",
"url": "https://github.com/crocs-muni/roca"
}
],
"reference": "CERTFR-2017-ALE-015",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2017-10-16T00:00:00.000000"
},
{
"description": "Compl\u00e9ment d\u0027information sur les correctifs",
"revision_date": "2017-10-17T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
}
],
"summary": "Le 16 octobre 2017, des chercheurs de l\u0027universit\u00e9 Masaryk (R\u00e9publique\nTch\u00e8que), ont publi\u00e9 un article sur la d\u00e9couverte d\u0027une vuln\u00e9rabilit\u00e9\ndans la biblioth\u00e8que RSA d\u00e9velopp\u00e9e par Infineon.\n\nLeurs travaux seront pr\u00e9sent\u00e9s le 2 novembre 2017 \u00e0 la conf\u00e9rence \"ACM\nConference on Computer and Communcations Security\". D\u0027apr\u00e8s les\nchercheurs, un probl\u00e8me dans la g\u00e9n\u00e9ration du couple cl\u00e9 priv\u00e9e/publique\npermet de retrouver la cl\u00e9 priv\u00e9e \u00e0 partir de la cl\u00e9 publique\nuniquement. Cette attaque est applicable en pratique et peu co\u00fbteuse\n(76\\$ pour une cl\u00e9 de 1024 bits et 40300\\$ pour une cl\u00e9 de 2048 bits).\nLes syst\u00e8mes affect\u00e9s sont nombreux et comptent notamment des TPMs, des\ncl\u00e9s de chiffrement Bitlocker, des certificats TLS, des cl\u00e9s PGP ou SSH\nou encore des cartes \u00e0 puce.\n",
"title": "Vuln\u00e9rabilit\u00e9s dans la biblioth\u00e8que Infineon RSA",
"vendor_advisories": [
{
"published_at": null,
"title": "Article du centre pour la recherche en cryptographie et s\u00e9curit\u00e9 (CRoCS)",
"url": "https://crocs.fi.muni.cz/public/papers/rsa_ccs17"
}
]
}
FKIE_CVE-2017-15361
Vulnerability from fkie_nvd - Published: 2017-10-16 17:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://support.lenovo.com/us/en/product_security/LEN-15552 | Mitigation, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/101484 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/ | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://blog.cr.yp.to/20171105-infineon.html | ||
| cve@mitre.org | https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf | ||
| cve@mitre.org | https://crocs.fi.muni.cz/public/papers/rsa_ccs17 | Issue Tracking, Mitigation, Third Party Advisory | |
| cve@mitre.org | https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/ | Issue Tracking, Third Party Advisory | |
| cve@mitre.org | https://github.com/crocs-muni/roca | Mitigation, Third Party Advisory | |
| cve@mitre.org | https://github.com/iadgov/Detect-CVE-2017-15361-TPM | Mitigation, Third Party Advisory | |
| cve@mitre.org | https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01 | ||
| cve@mitre.org | https://keychest.net/roca | Issue Tracking, Mitigation, Third Party Advisory | |
| cve@mitre.org | https://monitor.certipath.com/rsatest | Mitigation, Third Party Advisory | |
| cve@mitre.org | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012 | Issue Tracking, Patch, Third Party Advisory | |
| cve@mitre.org | https://security.netapp.com/advisory/ntap-20171024-0001/ | ||
| cve@mitre.org | https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update | Issue Tracking, Mitigation, Patch, Third Party Advisory | |
| cve@mitre.org | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03789en_us | ||
| cve@mitre.org | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03801en_us | ||
| cve@mitre.org | https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160 | Mitigation, Vendor Advisory | |
| cve@mitre.org | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html | ||
| cve@mitre.org | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html | ||
| cve@mitre.org | https://www.kb.cert.org/vuls/id/307015 | Issue Tracking, Mitigation, Third Party Advisory, US Government Resource | |
| cve@mitre.org | https://www.yubico.com/support/security-advisories/ysa-2017-01/ | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://support.lenovo.com/us/en/product_security/LEN-15552 | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101484 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/ | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://blog.cr.yp.to/20171105-infineon.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://crocs.fi.muni.cz/public/papers/rsa_ccs17 | Issue Tracking, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/ | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/crocs-muni/roca | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/iadgov/Detect-CVE-2017-15361-TPM | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://keychest.net/roca | Issue Tracking, Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://monitor.certipath.com/rsatest | Mitigation, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012 | Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20171024-0001/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update | Issue Tracking, Mitigation, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03789en_us | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03801en_us | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160 | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://www.kb.cert.org/vuls/id/307015 | Issue Tracking, Mitigation, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.yubico.com/support/security-advisories/ysa-2017-01/ | Mitigation, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| infineon | trusted_platform_firmware | 4.31 | |
| infineon | trusted_platform_firmware | 4.32 | |
| infineon | trusted_platform_firmware | 6.40 | |
| infineon | trusted_platform_firmware | 133.32 | |
| acer | c720_chromebook | - | |
| acer | chromebase | - | |
| acer | chromebase_24 | - | |
| acer | chromebook_11_c730 | - | |
| acer | chromebook_11_c730e | - | |
| acer | chromebook_11_c735 | - | |
| acer | chromebook_11_c740 | - | |
| acer | chromebook_11_c771 | - | |
| acer | chromebook_11_c771t | - | |
| acer | chromebook_11_n7_c731 | - | |
| acer | chromebook_13_cb5-311 | - | |
| acer | chromebook_14_cb3-431 | - | |
| acer | chromebook_14_for_work_cp5-471 | - | |
| acer | chromebook_15_cb3-531 | - | |
| acer | chromebook_15_cb3-532 | - | |
| acer | chromebook_15_cb5-571 | - | |
| acer | chromebook_r11 | - | |
| acer | chromebook_r13_cb5-312t | - | |
| acer | chromebox | - | |
| acer | chromebox_cxi2 | - | |
| aopen | chromebase | - | |
| aopen | chromebase | - | |
| aopen | chromebox | - | |
| aopen | chromeboxi | - | |
| asi | chromebook | - | |
| asus | chromebit_cs10 | - | |
| asus | chromebook_c200 | - | |
| asus | chromebook_c201pa | - | |
| asus | chromebook_c202sa | - | |
| asus | chromebook_c300 | - | |
| asus | chromebook_c300sa | - | |
| asus | chromebook_c301sa | - | |
| asus | chromebook_flip_c100pa | - | |
| asus | chromebook_flip_c302 | - | |
| asus | chromebox_cn60 | - | |
| asus | chromebox_cn62 | - | |
| bobicus | chromebook_11 | * | |
| ctl | j2_chromebook | - | |
| ctl | j4_chromebook | - | |
| ctl | j5_chromebook | - | |
| ctl | n6_chromebook | - | |
| ctl | nl61_chromebook | - | |
| dell | chromebook_11 | - | |
| dell | chromebook_11_3120 | - | |
| dell | chromebook_11_3189 | - | |
| dell | chromebook_11_model_3180 | - | |
| dell | chromebook_13_3380 | - | |
| dell | chromebox | - | |
| edugear | chromebook_k | - | |
| edugear | chromebook_m | - | |
| edugear | chromebook_r | - | |
| edugear | cmt_chromebook | - | |
| edxis | chromebook | - | |
| edxis | education_chromebook | - | |
| epik | chromebook_elb1101 | - | |
| pixel | - | ||
| haier | chromebook_11 | - | |
| haier | chromebook_11_c | - | |
| haier | chromebook_11_g2 | - | |
| haier | chromebook_11e | - | |
| hexa | chromebook_pi | - | |
| hisense | chromebook_11 | - | |
| hp | chromebook | - | |
| hp | chromebook_11-vxxx | - | |
| hp | chromebook_11_1100-1199 | - | |
| hp | chromebook_11_2000-2099 | - | |
| hp | chromebook_11_2100-2199 | - | |
| hp | chromebook_11_2200-2299 | - | |
| hp | chromebook_11_g1 | - | |
| hp | chromebook_11_g2 | - | |
| hp | chromebook_11_g3 | - | |
| hp | chromebook_11_g4\/g4_ee | - | |
| hp | chromebook_11_g5 | - | |
| hp | chromebook_11_g5_ee | - | |
| hp | chromebook_13_g1 | - | |
| hp | chromebook_14 | - | |
| hp | chromebook_14_ak000-099 | - | |
| hp | chromebook_14_g3 | - | |
| hp | chromebook_14_g4 | - | |
| hp | chromebook_14_x000-x999 | - | |
| hp | chromebox_cb1-\(000-099\) | - | |
| hp | chromebox_g1 | - | |
| lenovo | 100s_chromebook | - | |
| lenovo | n20_chromebook | - | |
| lenovo | n21_chromebook | - | |
| lenovo | n22_chromebook | - | |
| lenovo | n23_chromebook | - | |
| lenovo | n23_flex_11_chromebook | - | |
| lenovo | n23_yoga_11_chromebook | - | |
| lenovo | n42_chromebook | - | |
| lenovo | thinkcentre_chromebox | - | |
| lenovo | thinkpad_11e_chromebook | - | |
| lenovo | thinkpad_13_chromebook | - | |
| lg | chromebase_22cb25s | - | |
| lg | chromebase_22cv241 | - | |
| medion | akoya_s2013 | - | |
| medion | chromebook_s2015 | - | |
| mercer | chromebook | - | |
| mercer | v2_chromebook | - | |
| ncomputing | chromebook_cx100 | - | |
| nexian | chromebook | - | |
| pcmerge | chromebook_pcm-116t-432b | - | |
| poin2 | chromebook_11 | - | |
| poin2 | chromebook_14 | - | |
| positivo | chromebook_ch1190 | - | |
| prowise | entry_line_chromebook | - | |
| prowise | proline_chromebook | - | |
| rgs | education_chromebook | - | |
| samsung | chromebook_2_11 | - | |
| samsung | chromebook_2_11_xe500c12 | - | |
| samsung | chromebook_2_13 | - | |
| samsung | chromebook_3 | - | |
| samsung | chromebook_plus | - | |
| samsung | chromebook_pro | - | |
| sector-five | e1_rugged_chromebook | - | |
| senkatel | c1101_chromebook | - | |
| toshiba | chromebook | - | |
| toshiba | chromebook_2 | - | |
| toshiba | chromebook_2 | - | |
| true | idc_chromebook | - | |
| true | idc_chromebook_11 | - | |
| videonet | chromebook | - | |
| videonet | chromebook_bl10 | - | |
| viglen | chromebook_11 | - | |
| viglen | chromebook_360 | - | |
| xolo | chromebook | - | |
| infineon | rsa_library | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:infineon:trusted_platform_firmware:4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "6D825C88-A5D7-4C1F-B09B-FF63FCE1B5F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:infineon:trusted_platform_firmware:4.32:*:*:*:*:*:*:*",
"matchCriteriaId": "5C08FA98-E0C2-4382-94BD-5C40DECD1DB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:infineon:trusted_platform_firmware:6.40:*:*:*:*:*:*:*",
"matchCriteriaId": "D4751A17-AD4C-4F50-B0DD-4E02427BBA2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:infineon:trusted_platform_firmware:133.32:*:*:*:*:*:*:*",
"matchCriteriaId": "1A8A144B-1859-4C49-8AC4-10EB0FD740F5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:acer:c720_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "878D0151-EE41-4EF6-A424-DA855C18986A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebase:-:*:*:*:*:*:*:*",
"matchCriteriaId": "57181990-1011-424B-8B0D-4FCBEE35E888",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebase_24:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11A4C072-B9A0-47ED-8060-AA0159AF0020",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebook_11_c730:-:*:*:*:*:*:*:*",
"matchCriteriaId": "088996B8-E506-4A50-8EB0-5A1258D681AC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebook_11_c730e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B50E8CCB-3B69-42E4-8AEE-88D0D7B9EB2F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebook_11_c735:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3F326698-B295-4807-A4B4-0BAA9B66589E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebook_11_c740:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDAE0DD7-5608-4556-9978-EE7E01023DA8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebook_11_c771:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE7D2911-0265-4B37-8CD8-42DCEC7EABDB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebook_11_c771t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3DD548B-AD54-4C47-9134-6B7A2398160B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebook_11_n7_c731:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3ADB4F13-0684-424B-AA6B-8A7018777984",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebook_13_cb5-311:-:*:*:*:*:*:*:*",
"matchCriteriaId": "295D21FA-D8D2-4C19-A5B6-50D7281B2A59",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebook_14_cb3-431:-:*:*:*:*:*:*:*",
"matchCriteriaId": "08683AB6-D690-408C-A5C7-9EF32A40876D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebook_14_for_work_cp5-471:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47665085-66B9-4E11-9D20-3A5A73352D91",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebook_15_cb3-531:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6B6973F7-0B85-4064-8879-543A243D8A8B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebook_15_cb3-532:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72BE3BCF-6FE8-46F1-B774-60916DE234CF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebook_15_cb5-571:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0413E176-3B87-4333-A9FB-A0727015ACDC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebook_r11:-:*:*:*:*:*:*:*",
"matchCriteriaId": "075859B8-D6BE-45BB-81A0-C89792743BB1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebook_r13_cb5-312t:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A25AC3-0FB5-4F01-9865-0938E3976D96",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebox:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7D33132B-CC32-4640-8BF7-F8FCF80F6EC0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:acer:chromebox_cxi2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA85C38-CDBC-4163-8105-4E902ADD747A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:aopen:chromebase:-:*:commercial:*:*:*:*:*",
"matchCriteriaId": "A5821187-153C-48BD-802B-89FD159755D2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:aopen:chromebase:-:*:mini:*:*:*:*:*",
"matchCriteriaId": "6D656A2B-6234-4BB2-A5CC-54B4EBA59FE9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:aopen:chromebox:-:*:commercial:*:*:*:*:*",
"matchCriteriaId": "589B967C-3EF0-42DF-9FEF-C3411AC38B4E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:aopen:chromeboxi:-:*:mini:*:*:*:*:*",
"matchCriteriaId": "3CB7F169-02A0-44B4-816B-0135DFD46905",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asi:chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DF33E72-2E47-4D41-9B05-8D13B26694F0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:chromebit_cs10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "68B8BACC-0F84-41A6-BBE0-3987B1E56A8D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:chromebook_c200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "280E26E9-5075-469C-A1B1-0CC833B32520",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:chromebook_c201pa:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85F1DF93-A998-4528-9C82-721D16698FA3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:chromebook_c202sa:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3ADFFC94-7F7A-40CF-817B-483BBDCCB66D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:chromebook_c300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA7EA3C8-8B68-4BE1-9C2D-FAFC4AF8EA7B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:chromebook_c300sa:-:*:*:*:*:*:*:*",
"matchCriteriaId": "66CB44E8-A520-4291-9D48-5ED4BD2B9FB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:chromebook_c301sa:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6530E801-A924-4B0D-9602-92D320828C75",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:chromebook_flip_c100pa:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB4C201C-3C87-4FC6-A48E-1428EA481195",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:chromebook_flip_c302:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3C9716ED-3AEA-439B-9148-C66CC98D0D6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:chromebox_cn60:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE2D4E6-CD1A-4336-9C1A-7B8FA5377CB0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:asus:chromebox_cn62:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A308E84E-1044-41EC-A7A2-2A0E5A5DAD02",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:bobicus:chromebook_11:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FAEB2859-2C44-410C-85F9-B37339161245",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ctl:j2_chromebook:-:*:*:*:*:education:*:*",
"matchCriteriaId": "48E098F9-7EFD-452B-9A9C-383039BF8150",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ctl:j4_chromebook:-:*:*:*:*:education:*:*",
"matchCriteriaId": "51F47A6C-430C-4635-BF8F-E837F37673FD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ctl:j5_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FBD6167-984D-492E-AA47-468678051CEC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ctl:n6_chromebook:-:*:*:*:*:education:*:*",
"matchCriteriaId": "0E93EBE6-B016-42C1-A65A-4B14038DA0A7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ctl:nl61_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7987CC19-4679-47A6-B2B9-8D0A9F804925",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:chromebook_11:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42D5DB45-A37D-48BE-9F00-C2108D47A4D2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:chromebook_11_3120:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F36AB1C2-6B81-49F7-998A-4E5A0692C161",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:chromebook_11_3189:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1F0D7C4-DB72-41CC-A163-BF9CA4315BCB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:chromebook_11_model_3180:-:*:*:*:*:*:*:*",
"matchCriteriaId": "187CCE09-CC6D-455A-96A7-91667C22FCF4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:chromebook_13_3380:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A6BE3D28-7E3F-419C-84E3-A29D858AADEF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:dell:chromebox:-:*:*:*:*:*:*:*",
"matchCriteriaId": "455A3086-A52F-49DC-993F-E3FA17A3BE15",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:edugear:chromebook_k:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8534D121-1A3A-42C1-BC0E-B37012A5F7C7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:edugear:chromebook_m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF753670-DD77-415D-BD4B-17D41F975A0D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:edugear:chromebook_r:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9B0E191E-A0D9-4B8C-929B-012DF95A1FE3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:edugear:cmt_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE234602-9C70-425B-A677-382775EDC564",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:edxis:chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04C5FAF4-1B36-4379-A530-6AB0509E69DA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:edxis:education_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8676FD39-8386-42D7-B551-A794B83268D3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:epik:chromebook_elb1101:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B403CE-EDC1-426F-94A4-B19FAEEAC8EC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:google:pixel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B17D3A78-87DD-44CD-AB11-3E42AEB1A1D9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:haier:chromebook_11:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98D228FA-C7BD-4FA9-9885-4E2331E81966",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:haier:chromebook_11_c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA2A4B85-5CA1-4D00-9F39-841FB6DE94EE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:haier:chromebook_11_g2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8833B8E1-E49E-4DA9-988C-B0615468DDFF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:haier:chromebook_11e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9EAD51FB-53D2-44BA-8C0B-70305E5C264E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hexa:chromebook_pi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D4DA08F6-67F6-4577-8959-19290EF58553",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hisense:chromebook_11:-:*:*:*:*:*:*:*",
"matchCriteriaId": "29036285-F6EB-4BCA-A338-0266F10A4B13",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebook:-:*:*:*:*:meetings:*:*",
"matchCriteriaId": "106D11AE-4322-455C-B10E-FD4F2992B4DF",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebook_11-vxxx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CE44E53F-383A-43E0-9B67-F736749764B9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebook_11_1100-1199:-:*:*:*:*:*:*:*",
"matchCriteriaId": "72E87B3E-5E9D-419F-BFF6-C550A26B9D31",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebook_11_2000-2099:-:*:*:*:*:*:*:*",
"matchCriteriaId": "89E336A5-8C90-405B-846F-003856AF8336",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebook_11_2100-2199:-:*:*:*:*:*:*:*",
"matchCriteriaId": "613BB633-7F07-4F3F-9327-B308E542FB6F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebook_11_2200-2299:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD37DD3-C729-4851-ACBE-D72848FDBAB5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebook_11_g1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62F027B0-FC37-4F25-BAF2-78C8E695C9E4",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebook_11_g2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "433AC4ED-752F-4B33-A294-CF2A82D8C12C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebook_11_g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC8BDF0-F181-491D-88E7-8DD1FB5DC217",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebook_11_g4\\/g4_ee:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A50F3009-FD55-454D-8BBB-C8CC7B692092",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebook_11_g5:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2A8ECDE-FA43-42C8-A866-24909A2ACA1E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebook_11_g5_ee:-:*:*:*:*:*:*:*",
"matchCriteriaId": "26C827F6-3C93-48DB-B8EE-4C8B715CC66C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebook_13_g1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC73A69B-777B-498E-B7C9-2D98D26E4864",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebook_14:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BB89A0E-A308-4FAC-8FF6-83B3A932D549",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebook_14_ak000-099:-:*:*:*:*:*:*:*",
"matchCriteriaId": "808093B3-07B4-48DE-9784-0ABA100187F8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebook_14_g3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB8B82E0-BE77-4A6F-B867-AE51E775146D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebook_14_g4:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F00BDBE-F0D2-4B8C-BD8E-C1E52CBE216E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebook_14_x000-x999:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4233E3FD-B9A5-43BF-9C7F-80BF7446CD5D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebox_cb1-\\(000-099\\):-:*:*:*:*:*:*:*",
"matchCriteriaId": "B4DB5A7A-310D-442F-BE25-41A573EC8341",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:hp:chromebox_g1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71390570-8953-493B-9EF7-78D4A9AD0156",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:100s_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F3DD500A-CF2D-491A-AD2E-6201899840AE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:n20_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F17AAE58-B621-4737-8045-4ACD5FCB1090",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:n21_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "86B3EEBB-44DC-4923-AABB-FF3633C570BC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:n22_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC42851D-E264-40C4-B44C-3CF3AAB3AE41",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:n23_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED745A48-294A-4FB7-A845-8B99D3848F54",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:n23_flex_11_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59891EF1-7733-4E02-A3D7-F48ECECACF6E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:n23_yoga_11_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "612C3ED3-1A90-4E35-A69A-87336107D2FE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:n42_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F6E4D71-085F-4CF0-A95C-F6A139A7BDD8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkcentre_chromebox:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5580DCA1-A57C-4A49-99C7-4C31910E8C66",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_11e_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CAE0B2B-A078-4E08-BD4D-2E27E72061B6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lenovo:thinkpad_13_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4B481236-6FD6-47CC-925A-1580894DED37",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lg:chromebase_22cb25s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DE1EB6A-BCE0-443B-843C-83A4A74480FE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:lg:chromebase_22cv241:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EDE08B38-D2E4-46FF-BDBF-101516B7F760",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:medion:akoya_s2013:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F934EA3-1BEB-4E0F-88BA-2A8519891D1E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:medion:chromebook_s2015:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9737D5FA-076F-45CF-BE72-4AC92A16ACE9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mercer:chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51F7E626-C417-4164-93E8-86FF2CA81210",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:mercer:v2_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35C6DD3A-6622-41B3-B716-9020DE5674A8",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:ncomputing:chromebook_cx100:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7D02136-E17B-4D4F-9773-14B0E3CF674A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:nexian:chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "993BF4EC-0564-47D8-A920-37D4D2FF1F6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:pcmerge:chromebook_pcm-116t-432b:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E3E313-4177-4791-A405-36A9E20023E1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:poin2:chromebook_11:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1EABBA-125A-48D2-A851-CAF5AEB3FF0C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:poin2:chromebook_14:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D92963A3-720A-495E-8EEF-D96B782CF4F3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:positivo:chromebook_ch1190:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E62BD4DE-D78E-4C70-A54C-7655E1418073",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:prowise:entry_line_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5803975-6443-49F0-B2E2-2CE362F15B0B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:prowise:proline_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5510D58D-A29E-426B-98B8-D3FF0DF05728",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:rgs:education_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D29D3147-8560-4380-8940-AC2B1CE76B95",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:samsung:chromebook_2_11:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4116587-2E83-4ABA-8B9A-E0A80C3B6A1E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:samsung:chromebook_2_11_xe500c12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "813366C6-684F-4A0E-BCDE-C8A4A389B905",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:samsung:chromebook_2_13:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2F0A50F-4D99-434E-B198-3AE48B5E7413",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:samsung:chromebook_3:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9246074B-C1F2-494D-B4BB-0F7BB3CAF688",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:samsung:chromebook_plus:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BF56D6E5-4F7B-45E4-A35A-0AD13B045580",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:samsung:chromebook_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "881D9BFA-8ACA-4188-A72A-BE48AFEED4F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:sector-five:e1_rugged_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99E9041D-FA9A-4FDF-B5CF-DC479FA982A6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:senkatel:c1101_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2E5D8DD-4BC2-4E5A-854F-E24AE48B1FE0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:toshiba:chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B7535529-897C-4D66-87FF-638DA60D7E3D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:toshiba:chromebook_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "42996DF5-8D88-4D65-827E-59AC8FAE90EB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:toshiba:chromebook_2:-:*:2015:*:*:*:*:*",
"matchCriteriaId": "BA9D7740-2232-4ACC-861F-58CD3F4ABCDD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:true:idc_chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1EF68C69-3504-4209-BE16-33F7537C7D1E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:true:idc_chromebook_11:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9AEFDE24-B175-4DA2-AD5A-37F42DF3AF8A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:videonet:chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D2C8ABD-12F1-4710-B6D6-DF8ADCC37CED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:videonet:chromebook_bl10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0EAB3D5B-99CF-48C8-A543-2672AEAB1362",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:viglen:chromebook_11:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9D42B185-D644-4149-8616-DC292A8D3AF2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:viglen:chromebook_360:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75761B52-09E9-4B04-8E6A-0928439E429C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:xolo:chromebook:-:*:*:*:*:*:*:*",
"matchCriteriaId": "65407B5D-E6DD-4994-813C-BD5543111FBB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:infineon:rsa_library:*:*:*:*:*:*:*:*",
"matchCriteriaId": "43DDE644-1B5C-4B9E-9E91-1F9F2A1185D4",
"versionEndIncluding": "1.02.013",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS."
},
{
"lang": "es",
"value": "La librer\u00c3\u00ada Infineon RSA 1.02.013 en firmware Infineon Trusted Platform Module (TPM) como las versiones anteriores a la 0000000000000422 - 4.34, anteriores a la 000000000000062b - 6.43 y anteriores a la 0000000000008521 - 133.33, gestiona de manera incorrecta la generaci\u00c3\u00b3n de claves RSA, lo que hace que sea m\u00c3\u00a1s f\u00c3\u00a1cil para los atacantes superar varios mecanismos de protecci\u00c3\u00b3n criptogr\u00c3\u00a1fica mediante ataques dirigidos, conocido como ROCA. Ejemplos de las tecnolog\u00c3\u00adas afectadas son BitLocker con TPM 1.2, la generaci\u00c3\u00b3n de claves PGP con YubiKey 4 (en versiones anteriores a la 4.3.5) y la caracter\u00c3\u00adstica de cifrado Cached User Data en Chrome OS."
}
],
"id": "CVE-2017-15361",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-16T17:29:00.243",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "http://support.lenovo.com/us/en/product_security/LEN-15552"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101484"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/"
},
{
"source": "cve@mitre.org",
"url": "https://blog.cr.yp.to/20171105-infineon.html"
},
{
"source": "cve@mitre.org",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory"
],
"url": "https://crocs.fi.muni.cz/public/papers/rsa_ccs17"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/crocs-muni/roca"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/iadgov/Detect-CVE-2017-15361-TPM"
},
{
"source": "cve@mitre.org",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory"
],
"url": "https://keychest.net/roca"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://monitor.certipath.com/rsatest"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012"
},
{
"source": "cve@mitre.org",
"url": "https://security.netapp.com/advisory/ntap-20171024-0001/"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update"
},
{
"source": "cve@mitre.org",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03789en_us"
},
{
"source": "cve@mitre.org",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03801en_us"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160"
},
{
"source": "cve@mitre.org",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/307015"
},
{
"source": "cve@mitre.org",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.yubico.com/support/security-advisories/ysa-2017-01/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "http://support.lenovo.com/us/en/product_security/LEN-15552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101484"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://blog.cr.yp.to/20171105-infineon.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory"
],
"url": "https://crocs.fi.muni.cz/public/papers/rsa_ccs17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/crocs-muni/roca"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/iadgov/Detect-CVE-2017-15361-TPM"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory"
],
"url": "https://keychest.net/roca"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://monitor.certipath.com/rsatest"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.netapp.com/advisory/ntap-20171024-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03789en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03801en_us"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.kb.cert.org/vuls/id/307015"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.yubico.com/support/security-advisories/ysa-2017-01/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-QCRQ-WP7V-84JC
Vulnerability from github – Published: 2022-05-13 01:43 – Updated: 2025-04-20 03:46
VLAI?
Details
The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.
Severity ?
5.9 (Medium)
{
"affected": [],
"aliases": [
"CVE-2017-15361"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-10-16T17:29:00Z",
"severity": "MODERATE"
},
"details": "The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.",
"id": "GHSA-qcrq-wp7v-84jc",
"modified": "2025-04-20T03:46:51Z",
"published": "2022-05-13T01:43:45Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15361"
},
{
"type": "WEB",
"url": "https://www.yubico.com/support/security-advisories/ysa-2017-01"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/307015"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html"
},
{
"type": "WEB",
"url": "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03801en_us"
},
{
"type": "WEB",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03789en_us"
},
{
"type": "WEB",
"url": "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20171024-0001"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012"
},
{
"type": "WEB",
"url": "https://monitor.certipath.com/rsatest"
},
{
"type": "WEB",
"url": "https://keychest.net/roca"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01"
},
{
"type": "WEB",
"url": "https://github.com/iadgov/Detect-CVE-2017-15361-TPM"
},
{
"type": "WEB",
"url": "https://github.com/crocs-muni/roca"
},
{
"type": "WEB",
"url": "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards"
},
{
"type": "WEB",
"url": "https://crocs.fi.muni.cz/public/papers/rsa_ccs17"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf"
},
{
"type": "WEB",
"url": "https://blog.cr.yp.to/20171105-infineon.html"
},
{
"type": "WEB",
"url": "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids"
},
{
"type": "WEB",
"url": "http://support.lenovo.com/us/en/product_security/LEN-15552"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101484"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
CVE-2017-15361
Vulnerability from fstec - Published: 10.10.2017
VLAI Severity ?
Title
Уязвимость библиотеки шифрования Infineon RSA Library, связанная с ошибками при генерации простых чисел в алгоритме RSA, позволяющая нарушителю раскрыть секретную часть ключа
Description
Уязвимость библиотеки шифрования Infineon RSA Library связана с ошибками при генерации простых чисел в алгоритме RSA. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, раскрыть секретную часть ключа
Severity ?
Vendor
Microsoft Corp, Infineon Technologies AG, Google Inc
Software Name
Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, Windows 10 1511, Windows 10 1607, Windows 10 1703, Windows Server 2016, Windows 10 1709, RSA Library, Trusted Platform Module, Chrome OS
Software Version
- (Windows 8.1), - (Windows Server 2012), - (Windows Server 2012 R2), - (Windows RT 8.1), - (Windows 10), - (Windows 10 1511), - (Windows 10 1607), - (Windows 10 1703), - (Windows Server 2016), - (Windows 10 1709), до 1.02.013 (RSA Library), 4.31 (Trusted Platform Module), 4.32 (Trusted Platform Module), 6.40 (Trusted Platform Module), 133.32 (Trusted Platform Module), до M60 (Chrome OS)
Possible Mitigations
Использование рекомендаций:
Для программных продуктов Infineon Technologies AG:
https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160
Для программных продуктов Microsoft Corp.:
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV170012
Для программных продуктов Google Inc.:
https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update
Reference
http://www.dell.com/support/article/us/en/19/sln307820/
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV170012
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190026
http://www.fujitsu.com/global/support/products/software/security/products-f/ifsa-201701e.html
https://safenet.gemalto.com/technical-support/security-updates/
https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update
https://support.hp.com/us-en/document/c05792935
https://nvd.nist.gov/vuln/detail/CVE-2017-15361
CWE
CWE-310
{
"CVSS 2.0": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
"CVSS 3.0": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp, Infineon Technologies AG, Google Inc",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (Windows 8.1), - (Windows Server 2012), - (Windows Server 2012 R2), - (Windows RT 8.1), - (Windows 10), - (Windows 10 1511), - (Windows 10 1607), - (Windows 10 1703), - (Windows Server 2016), - (Windows 10 1709), \u0434\u043e 1.02.013 (RSA Library), 4.31 (Trusted Platform Module), 4.32 (Trusted Platform Module), 6.40 (Trusted Platform Module), 133.32 (Trusted Platform Module), \u0434\u043e M60 (Chrome OS)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Infineon Technologies AG:\nhttps://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Microsoft Corp.:\nhttps://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV170012\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Google Inc.:\nhttps://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "10.10.2017",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "17.12.2019",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "17.12.2019",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-04743",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2017-15361",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, Windows 10 1511, Windows 10 1607, Windows 10 1703, Windows Server 2016, Windows 10 1709, RSA Library, Trusted Platform Module, Chrome OS",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Microsoft Corp Windows 8.1 - 64-bit, Microsoft Corp Windows 8.1 - 32-bit, Microsoft Corp Windows Server 2012 - , Microsoft Corp Windows Server 2012 R2 - , Microsoft Corp Windows RT 8.1 - ARM, Microsoft Corp Windows 10 - 64-bit, Microsoft Corp Windows 10 - 32-bit, Microsoft Corp Windows 10 1511 - 64-bit, Microsoft Corp Windows 10 1511 - 32-bit, Microsoft Corp Windows 10 1607 - 64-bit, Microsoft Corp Windows 10 1607 - 32-bit, Microsoft Corp Windows 10 1703 - 32-bit, Microsoft Corp Windows Server 2016 - , Microsoft Corp Windows 10 1703 - 64-bit, Microsoft Corp Windows 10 1709 - 64-bit, Microsoft Corp Windows 10 1709 - 32-bit, Google Inc Chrome OS \u0434\u043e M60 ",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f Infineon RSA Library, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0438 \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0441\u0442\u044b\u0445 \u0447\u0438\u0441\u0435\u043b \u0432 \u0430\u043b\u0433\u043e\u0440\u0438\u0442\u043c\u0435 RSA, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0441\u0435\u043a\u0440\u0435\u0442\u043d\u0443\u044e \u0447\u0430\u0441\u0442\u044c \u043a\u043b\u044e\u0447\u0430",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0438 (CWE-310)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f Infineon RSA Library \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0438 \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0441\u0442\u044b\u0445 \u0447\u0438\u0441\u0435\u043b \u0432 \u0430\u043b\u0433\u043e\u0440\u0438\u0442\u043c\u0435 RSA. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0441\u0435\u043a\u0440\u0435\u0442\u043d\u0443\u044e \u0447\u0430\u0441\u0442\u044c \u043a\u043b\u044e\u0447\u0430",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://www.dell.com/support/article/us/en/19/sln307820/\nhttps://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV170012\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190026\nhttp://www.fujitsu.com/global/support/products/software/security/products-f/ifsa-201701e.html\nhttps://safenet.gemalto.com/technical-support/security-updates/\nhttps://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update\nhttps://support.hp.com/us-en/document/c05792935\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15361",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-310",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,9)"
}
GSD-2017-15361
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-15361",
"description": "The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.",
"id": "GSD-2017-15361",
"references": [
"https://www.suse.com/security/cve/CVE-2017-15361.html",
"https://advisories.mageia.org/CVE-2017-15361.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-15361"
],
"details": "The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.",
"id": "GSD-2017-15361",
"modified": "2023-12-13T01:20:59.140564Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160",
"refsource": "MISC",
"url": "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160"
},
{
"name": "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/",
"refsource": "MISC",
"url": "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/"
},
{
"name": "https://blog.cr.yp.to/20171105-infineon.html",
"refsource": "MISC",
"url": "https://blog.cr.yp.to/20171105-infineon.html"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03801en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03801en_us"
},
{
"name": "https://monitor.certipath.com/rsatest",
"refsource": "MISC",
"url": "https://monitor.certipath.com/rsatest"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012"
},
{
"name": "https://crocs.fi.muni.cz/public/papers/rsa_ccs17",
"refsource": "MISC",
"url": "https://crocs.fi.muni.cz/public/papers/rsa_ccs17"
},
{
"name": "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/",
"refsource": "MISC",
"url": "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/"
},
{
"name": "http://support.lenovo.com/us/en/product_security/LEN-15552",
"refsource": "CONFIRM",
"url": "http://support.lenovo.com/us/en/product_security/LEN-15552"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171024-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171024-0001/"
},
{
"name": "https://github.com/iadgov/Detect-CVE-2017-15361-TPM",
"refsource": "MISC",
"url": "https://github.com/iadgov/Detect-CVE-2017-15361-TPM"
},
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html"
},
{
"name": "VU#307015",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/307015"
},
{
"name": "https://github.com/crocs-muni/roca",
"refsource": "MISC",
"url": "https://github.com/crocs-muni/roca"
},
{
"name": "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update",
"refsource": "MISC",
"url": "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03789en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03789en_us"
},
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html"
},
{
"name": "https://www.yubico.com/support/security-advisories/ysa-2017-01/",
"refsource": "CONFIRM",
"url": "https://www.yubico.com/support/security-advisories/ysa-2017-01/"
},
{
"name": "101484",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101484"
},
{
"name": "https://keychest.net/roca",
"refsource": "MISC",
"url": "https://keychest.net/roca"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:infineon:trusted_platform_firmware:6.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:infineon:trusted_platform_firmware:133.32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:infineon:trusted_platform_firmware:4.31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:infineon:trusted_platform_firmware:4.32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:viglen:chromebook_11:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:viglen:chromebook_360:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:toshiba:chromebook_2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:senkatel:c1101_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:rgs:education_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:prowise:proline_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:ncomputing:chromebook_cx100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:medion:chromebook_s2015:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:n20_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:n21_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_11e_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkpad_13_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebook_11_g4\\/g4_ee:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebook_11_g1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebook_14_ak000-099:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebook_14_g4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:haier:chromebook_11_g2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:haier:chromebook_11e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:edugear:chromebook_m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:edugear:chromebook_r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:dell:chromebox:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:bobicus:chromebook_11:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:chromebook_flip_c100pa:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:chromebook_flip_c302:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:aopen:chromeboxi:-:*:mini:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:c720_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebook_11_c771:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebook_11_c771t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebook_11_n7_c731:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebook_r11:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebook_r13_cb5-312t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:ctl:nl61_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:ctl:n6_chromebook:-:*:*:*:*:education:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:videonet:chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:videonet:chromebook_bl10:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:sector-five:e1_rugged_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:samsung:chromebook_2_11_xe500c12:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:prowise:entry_line_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:positivo:chromebook_ch1190:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:medion:akoya_s2013:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:mercer:chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:n22_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:n23_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebook:-:*:*:*:*:meetings:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebook_11_1100-1199:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebook_11_g2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebook_11_g5:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebook_14_x000-x999:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebook_14_g3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:haier:chromebook_11_c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:google:pixel:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:edugear:cmt_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:dell:chromebook_11:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:chromebit_cs10:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:chromebook_c200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:chromebook_c201pa:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:chromebox_cn60:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:chromebox_cn62:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebase:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebase_24:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebook_13_cb5-311:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebook_14_cb3-431:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebox:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebox_cxi2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:ctl:j5_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:ctl:j4_chromebook:-:*:*:*:*:education:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:true:idc_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:true:idc_chromebook_11:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:samsung:chromebook_2_11:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:samsung:chromebook_2_13:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:poin2:chromebook_11:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:poin2:chromebook_14:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:mercer:v2_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lg:chromebase_22cb25s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:n23_yoga_11_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebook_11_2000-2099:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebook_11_2100-2199:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebook_11-vxxx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebook_11_g5_ee:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebox_cb1-\\(000-099\\):-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebox_g1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hisense:chromebook_11:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:epik:chromebook_elb1101:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:edxis:chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:dell:chromebook_11_3120:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:dell:chromebook_11_3189:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:chromebook_c202sa:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:chromebook_c300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asi:chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:aopen:chromebase:-:*:commercial:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebook_11_c730:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebook_11_c730e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebook_14_for_work_cp5-471:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebook_15_cb3-531:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:ctl:j2_chromebook:-:*:*:*:*:education:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:xolo:chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:toshiba:chromebook_2:-:*:2015:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:toshiba:chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:samsung:chromebook_3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:samsung:chromebook_plus:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:samsung:chromebook_pro:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:pcmerge:chromebook_pcm-116t-432b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:nexian:chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lg:chromebase_22cv241:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:100s_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:n23_flex_11_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:n42_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:lenovo:thinkcentre_chromebox:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebook_11_g3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebook_11_2200-2299:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebook_13_g1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hp:chromebook_14:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:hexa:chromebook_pi:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:haier:chromebook_11:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:edxis:education_chromebook:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:edugear:chromebook_k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:dell:chromebook_11_model_3180:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:dell:chromebook_13_3380:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:chromebook_c300sa:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:asus:chromebook_c301sa:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:aopen:chromebox:-:*:commercial:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:aopen:chromebase:-:*:mini:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebook_11_c735:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebook_11_c740:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebook_15_cb3-532:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:acer:chromebook_15_cb5-571:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:infineon:rsa_library:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.02.013",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15361"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160",
"refsource": "MISC",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160"
},
{
"name": "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012"
},
{
"name": "https://crocs.fi.muni.cz/public/papers/rsa_ccs17",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory"
],
"url": "https://crocs.fi.muni.cz/public/papers/rsa_ccs17"
},
{
"name": "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/"
},
{
"name": "https://www.yubico.com/support/security-advisories/ysa-2017-01/",
"refsource": "CONFIRM",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://www.yubico.com/support/security-advisories/ysa-2017-01/"
},
{
"name": "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/"
},
{
"name": "http://support.lenovo.com/us/en/product_security/LEN-15552",
"refsource": "CONFIRM",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "http://support.lenovo.com/us/en/product_security/LEN-15552"
},
{
"name": "https://github.com/iadgov/Detect-CVE-2017-15361-TPM",
"refsource": "MISC",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/iadgov/Detect-CVE-2017-15361-TPM"
},
{
"name": "101484",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101484"
},
{
"name": "VU#307015",
"refsource": "CERT-VN",
"tags": [
"Issue Tracking",
"Mitigation",
"US Government Resource",
"Third Party Advisory"
],
"url": "https://www.kb.cert.org/vuls/id/307015"
},
{
"name": "https://monitor.certipath.com/rsatest",
"refsource": "MISC",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://monitor.certipath.com/rsatest"
},
{
"name": "https://keychest.net/roca",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Mitigation",
"Third Party Advisory"
],
"url": "https://keychest.net/roca"
},
{
"name": "https://github.com/crocs-muni/roca",
"refsource": "MISC",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/crocs-muni/roca"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171024-0001/",
"refsource": "CONFIRM",
"tags": [],
"url": "https://security.netapp.com/advisory/ntap-20171024-0001/"
},
{
"name": "https://blog.cr.yp.to/20171105-infineon.html",
"refsource": "MISC",
"tags": [],
"url": "https://blog.cr.yp.to/20171105-infineon.html"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01",
"refsource": "MISC",
"tags": [],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03801en_us",
"refsource": "CONFIRM",
"tags": [],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03801en_us"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03789en_us",
"refsource": "CONFIRM",
"tags": [],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03789en_us"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf",
"refsource": "CONFIRM",
"tags": [],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf"
},
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html",
"refsource": "CONFIRM",
"tags": [],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html"
},
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html",
"refsource": "CONFIRM",
"tags": [],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
},
"lastModifiedDate": "2019-10-03T00:03Z",
"publishedDate": "2017-10-16T17:29Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…