Vulnerabilites related to mercer - chromebook
Vulnerability from fkie_nvd
Published
2017-10-16 17:29
Modified
2024-11-21 03:14
Severity ?
Summary
The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:infineon:trusted_platform_firmware:4.31:*:*:*:*:*:*:*", matchCriteriaId: "6D825C88-A5D7-4C1F-B09B-FF63FCE1B5F7", vulnerable: true, }, { criteria: "cpe:2.3:o:infineon:trusted_platform_firmware:4.32:*:*:*:*:*:*:*", matchCriteriaId: "5C08FA98-E0C2-4382-94BD-5C40DECD1DB5", vulnerable: true, }, { criteria: "cpe:2.3:o:infineon:trusted_platform_firmware:6.40:*:*:*:*:*:*:*", matchCriteriaId: "D4751A17-AD4C-4F50-B0DD-4E02427BBA2E", vulnerable: true, }, { criteria: "cpe:2.3:o:infineon:trusted_platform_firmware:133.32:*:*:*:*:*:*:*", matchCriteriaId: "1A8A144B-1859-4C49-8AC4-10EB0FD740F5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:h:acer:c720_chromebook:-:*:*:*:*:*:*:*", matchCriteriaId: "878D0151-EE41-4EF6-A424-DA855C18986A", vulnerable: false, }, { criteria: "cpe:2.3:h:acer:chromebase:-:*:*:*:*:*:*:*", matchCriteriaId: "57181990-1011-424B-8B0D-4FCBEE35E888", vulnerable: false, }, { criteria: "cpe:2.3:h:acer:chromebase_24:-:*:*:*:*:*:*:*", matchCriteriaId: "11A4C072-B9A0-47ED-8060-AA0159AF0020", vulnerable: false, }, { criteria: "cpe:2.3:h:acer:chromebook_11_c730:-:*:*:*:*:*:*:*", matchCriteriaId: "088996B8-E506-4A50-8EB0-5A1258D681AC", vulnerable: false, }, { criteria: "cpe:2.3:h:acer:chromebook_11_c730e:-:*:*:*:*:*:*:*", matchCriteriaId: "B50E8CCB-3B69-42E4-8AEE-88D0D7B9EB2F", vulnerable: false, }, { criteria: "cpe:2.3:h:acer:chromebook_11_c735:-:*:*:*:*:*:*:*", matchCriteriaId: "3F326698-B295-4807-A4B4-0BAA9B66589E", vulnerable: false, }, { criteria: "cpe:2.3:h:acer:chromebook_11_c740:-:*:*:*:*:*:*:*", matchCriteriaId: "BDAE0DD7-5608-4556-9978-EE7E01023DA8", vulnerable: false, }, { criteria: "cpe:2.3:h:acer:chromebook_11_c771:-:*:*:*:*:*:*:*", matchCriteriaId: "AE7D2911-0265-4B37-8CD8-42DCEC7EABDB", vulnerable: false, }, { criteria: "cpe:2.3:h:acer:chromebook_11_c771t:-:*:*:*:*:*:*:*", matchCriteriaId: "F3DD548B-AD54-4C47-9134-6B7A2398160B", vulnerable: false, }, { criteria: "cpe:2.3:h:acer:chromebook_11_n7_c731:-:*:*:*:*:*:*:*", matchCriteriaId: "3ADB4F13-0684-424B-AA6B-8A7018777984", vulnerable: false, }, { criteria: "cpe:2.3:h:acer:chromebook_13_cb5-311:-:*:*:*:*:*:*:*", matchCriteriaId: "295D21FA-D8D2-4C19-A5B6-50D7281B2A59", vulnerable: false, }, { criteria: "cpe:2.3:h:acer:chromebook_14_cb3-431:-:*:*:*:*:*:*:*", matchCriteriaId: "08683AB6-D690-408C-A5C7-9EF32A40876D", vulnerable: false, }, { criteria: "cpe:2.3:h:acer:chromebook_14_for_work_cp5-471:-:*:*:*:*:*:*:*", matchCriteriaId: "47665085-66B9-4E11-9D20-3A5A73352D91", vulnerable: false, }, { criteria: "cpe:2.3:h:acer:chromebook_15_cb3-531:-:*:*:*:*:*:*:*", matchCriteriaId: "6B6973F7-0B85-4064-8879-543A243D8A8B", vulnerable: false, }, { criteria: "cpe:2.3:h:acer:chromebook_15_cb3-532:-:*:*:*:*:*:*:*", matchCriteriaId: "72BE3BCF-6FE8-46F1-B774-60916DE234CF", vulnerable: false, }, { criteria: "cpe:2.3:h:acer:chromebook_15_cb5-571:-:*:*:*:*:*:*:*", matchCriteriaId: "0413E176-3B87-4333-A9FB-A0727015ACDC", vulnerable: false, }, { criteria: "cpe:2.3:h:acer:chromebook_r11:-:*:*:*:*:*:*:*", matchCriteriaId: "075859B8-D6BE-45BB-81A0-C89792743BB1", vulnerable: false, }, { criteria: "cpe:2.3:h:acer:chromebook_r13_cb5-312t:-:*:*:*:*:*:*:*", matchCriteriaId: "E2A25AC3-0FB5-4F01-9865-0938E3976D96", vulnerable: false, }, { criteria: "cpe:2.3:h:acer:chromebox:-:*:*:*:*:*:*:*", matchCriteriaId: "7D33132B-CC32-4640-8BF7-F8FCF80F6EC0", vulnerable: false, }, { criteria: "cpe:2.3:h:acer:chromebox_cxi2:-:*:*:*:*:*:*:*", matchCriteriaId: "CFA85C38-CDBC-4163-8105-4E902ADD747A", vulnerable: false, }, { criteria: "cpe:2.3:h:aopen:chromebase:-:*:commercial:*:*:*:*:*", matchCriteriaId: "A5821187-153C-48BD-802B-89FD159755D2", vulnerable: false, }, { criteria: "cpe:2.3:h:aopen:chromebase:-:*:mini:*:*:*:*:*", matchCriteriaId: "6D656A2B-6234-4BB2-A5CC-54B4EBA59FE9", vulnerable: false, }, { criteria: "cpe:2.3:h:aopen:chromebox:-:*:commercial:*:*:*:*:*", matchCriteriaId: "589B967C-3EF0-42DF-9FEF-C3411AC38B4E", vulnerable: false, }, { criteria: "cpe:2.3:h:aopen:chromeboxi:-:*:mini:*:*:*:*:*", matchCriteriaId: "3CB7F169-02A0-44B4-816B-0135DFD46905", vulnerable: false, }, { criteria: "cpe:2.3:h:asi:chromebook:-:*:*:*:*:*:*:*", matchCriteriaId: "8DF33E72-2E47-4D41-9B05-8D13B26694F0", vulnerable: false, }, { criteria: "cpe:2.3:h:asus:chromebit_cs10:-:*:*:*:*:*:*:*", matchCriteriaId: "68B8BACC-0F84-41A6-BBE0-3987B1E56A8D", vulnerable: false, }, { criteria: "cpe:2.3:h:asus:chromebook_c200:-:*:*:*:*:*:*:*", matchCriteriaId: "280E26E9-5075-469C-A1B1-0CC833B32520", vulnerable: false, }, { criteria: "cpe:2.3:h:asus:chromebook_c201pa:-:*:*:*:*:*:*:*", matchCriteriaId: "85F1DF93-A998-4528-9C82-721D16698FA3", vulnerable: false, }, { criteria: "cpe:2.3:h:asus:chromebook_c202sa:-:*:*:*:*:*:*:*", matchCriteriaId: "3ADFFC94-7F7A-40CF-817B-483BBDCCB66D", vulnerable: false, }, { criteria: "cpe:2.3:h:asus:chromebook_c300:-:*:*:*:*:*:*:*", matchCriteriaId: "BA7EA3C8-8B68-4BE1-9C2D-FAFC4AF8EA7B", vulnerable: false, }, { criteria: "cpe:2.3:h:asus:chromebook_c300sa:-:*:*:*:*:*:*:*", matchCriteriaId: "66CB44E8-A520-4291-9D48-5ED4BD2B9FB2", vulnerable: false, }, { criteria: "cpe:2.3:h:asus:chromebook_c301sa:-:*:*:*:*:*:*:*", matchCriteriaId: "6530E801-A924-4B0D-9602-92D320828C75", vulnerable: false, }, { criteria: "cpe:2.3:h:asus:chromebook_flip_c100pa:-:*:*:*:*:*:*:*", matchCriteriaId: "AB4C201C-3C87-4FC6-A48E-1428EA481195", vulnerable: false, }, { criteria: "cpe:2.3:h:asus:chromebook_flip_c302:-:*:*:*:*:*:*:*", matchCriteriaId: "3C9716ED-3AEA-439B-9148-C66CC98D0D6B", vulnerable: false, }, { criteria: "cpe:2.3:h:asus:chromebox_cn60:-:*:*:*:*:*:*:*", matchCriteriaId: "3EE2D4E6-CD1A-4336-9C1A-7B8FA5377CB0", vulnerable: false, }, { criteria: "cpe:2.3:h:asus:chromebox_cn62:-:*:*:*:*:*:*:*", matchCriteriaId: "A308E84E-1044-41EC-A7A2-2A0E5A5DAD02", vulnerable: false, }, { criteria: "cpe:2.3:h:bobicus:chromebook_11:*:*:*:*:*:*:*:*", matchCriteriaId: "FAEB2859-2C44-410C-85F9-B37339161245", vulnerable: false, }, { criteria: "cpe:2.3:h:ctl:j2_chromebook:-:*:*:*:*:education:*:*", matchCriteriaId: "48E098F9-7EFD-452B-9A9C-383039BF8150", vulnerable: false, }, { criteria: "cpe:2.3:h:ctl:j4_chromebook:-:*:*:*:*:education:*:*", matchCriteriaId: "51F47A6C-430C-4635-BF8F-E837F37673FD", vulnerable: false, }, { criteria: "cpe:2.3:h:ctl:j5_chromebook:-:*:*:*:*:*:*:*", matchCriteriaId: "7FBD6167-984D-492E-AA47-468678051CEC", vulnerable: false, }, { criteria: "cpe:2.3:h:ctl:n6_chromebook:-:*:*:*:*:education:*:*", matchCriteriaId: "0E93EBE6-B016-42C1-A65A-4B14038DA0A7", vulnerable: false, }, { criteria: "cpe:2.3:h:ctl:nl61_chromebook:-:*:*:*:*:*:*:*", matchCriteriaId: "7987CC19-4679-47A6-B2B9-8D0A9F804925", vulnerable: false, }, { criteria: "cpe:2.3:h:dell:chromebook_11:-:*:*:*:*:*:*:*", matchCriteriaId: "42D5DB45-A37D-48BE-9F00-C2108D47A4D2", vulnerable: false, }, { criteria: "cpe:2.3:h:dell:chromebook_11_3120:-:*:*:*:*:*:*:*", matchCriteriaId: "F36AB1C2-6B81-49F7-998A-4E5A0692C161", vulnerable: false, }, { criteria: "cpe:2.3:h:dell:chromebook_11_3189:-:*:*:*:*:*:*:*", matchCriteriaId: "E1F0D7C4-DB72-41CC-A163-BF9CA4315BCB", vulnerable: false, }, { criteria: "cpe:2.3:h:dell:chromebook_11_model_3180:-:*:*:*:*:*:*:*", matchCriteriaId: "187CCE09-CC6D-455A-96A7-91667C22FCF4", vulnerable: false, }, { criteria: "cpe:2.3:h:dell:chromebook_13_3380:-:*:*:*:*:*:*:*", matchCriteriaId: "A6BE3D28-7E3F-419C-84E3-A29D858AADEF", vulnerable: false, }, { criteria: "cpe:2.3:h:dell:chromebox:-:*:*:*:*:*:*:*", matchCriteriaId: "455A3086-A52F-49DC-993F-E3FA17A3BE15", vulnerable: false, }, { criteria: "cpe:2.3:h:edugear:chromebook_k:-:*:*:*:*:*:*:*", matchCriteriaId: "8534D121-1A3A-42C1-BC0E-B37012A5F7C7", vulnerable: false, }, { criteria: "cpe:2.3:h:edugear:chromebook_m:-:*:*:*:*:*:*:*", matchCriteriaId: "BF753670-DD77-415D-BD4B-17D41F975A0D", vulnerable: false, }, { criteria: "cpe:2.3:h:edugear:chromebook_r:-:*:*:*:*:*:*:*", matchCriteriaId: "9B0E191E-A0D9-4B8C-929B-012DF95A1FE3", vulnerable: false, }, { criteria: "cpe:2.3:h:edugear:cmt_chromebook:-:*:*:*:*:*:*:*", matchCriteriaId: "BE234602-9C70-425B-A677-382775EDC564", vulnerable: false, }, { criteria: "cpe:2.3:h:edxis:chromebook:-:*:*:*:*:*:*:*", matchCriteriaId: "04C5FAF4-1B36-4379-A530-6AB0509E69DA", vulnerable: false, }, { criteria: "cpe:2.3:h:edxis:education_chromebook:-:*:*:*:*:*:*:*", matchCriteriaId: "8676FD39-8386-42D7-B551-A794B83268D3", vulnerable: false, }, { criteria: "cpe:2.3:h:epik:chromebook_elb1101:-:*:*:*:*:*:*:*", matchCriteriaId: "F8B403CE-EDC1-426F-94A4-B19FAEEAC8EC", vulnerable: false, }, { criteria: "cpe:2.3:h:google:pixel:-:*:*:*:*:*:*:*", matchCriteriaId: "B17D3A78-87DD-44CD-AB11-3E42AEB1A1D9", vulnerable: false, }, { criteria: "cpe:2.3:h:haier:chromebook_11:-:*:*:*:*:*:*:*", matchCriteriaId: "98D228FA-C7BD-4FA9-9885-4E2331E81966", vulnerable: false, }, { criteria: "cpe:2.3:h:haier:chromebook_11_c:-:*:*:*:*:*:*:*", matchCriteriaId: "BA2A4B85-5CA1-4D00-9F39-841FB6DE94EE", vulnerable: false, }, { criteria: "cpe:2.3:h:haier:chromebook_11_g2:-:*:*:*:*:*:*:*", matchCriteriaId: "8833B8E1-E49E-4DA9-988C-B0615468DDFF", vulnerable: false, }, { criteria: "cpe:2.3:h:haier:chromebook_11e:-:*:*:*:*:*:*:*", matchCriteriaId: "9EAD51FB-53D2-44BA-8C0B-70305E5C264E", vulnerable: false, }, { criteria: "cpe:2.3:h:hexa:chromebook_pi:-:*:*:*:*:*:*:*", matchCriteriaId: "D4DA08F6-67F6-4577-8959-19290EF58553", vulnerable: false, }, { criteria: "cpe:2.3:h:hisense:chromebook_11:-:*:*:*:*:*:*:*", matchCriteriaId: "29036285-F6EB-4BCA-A338-0266F10A4B13", vulnerable: false, }, { criteria: "cpe:2.3:h:hp:chromebook:-:*:*:*:*:meetings:*:*", matchCriteriaId: "106D11AE-4322-455C-B10E-FD4F2992B4DF", vulnerable: false, }, { criteria: "cpe:2.3:h:hp:chromebook_11-vxxx:-:*:*:*:*:*:*:*", matchCriteriaId: "CE44E53F-383A-43E0-9B67-F736749764B9", vulnerable: false, }, { criteria: "cpe:2.3:h:hp:chromebook_11_1100-1199:-:*:*:*:*:*:*:*", matchCriteriaId: "72E87B3E-5E9D-419F-BFF6-C550A26B9D31", vulnerable: false, }, { criteria: "cpe:2.3:h:hp:chromebook_11_2000-2099:-:*:*:*:*:*:*:*", matchCriteriaId: "89E336A5-8C90-405B-846F-003856AF8336", vulnerable: false, }, { criteria: "cpe:2.3:h:hp:chromebook_11_2100-2199:-:*:*:*:*:*:*:*", matchCriteriaId: "613BB633-7F07-4F3F-9327-B308E542FB6F", vulnerable: false, }, { criteria: "cpe:2.3:h:hp:chromebook_11_2200-2299:-:*:*:*:*:*:*:*", matchCriteriaId: "BBD37DD3-C729-4851-ACBE-D72848FDBAB5", vulnerable: false, }, { criteria: "cpe:2.3:h:hp:chromebook_11_g1:-:*:*:*:*:*:*:*", matchCriteriaId: "62F027B0-FC37-4F25-BAF2-78C8E695C9E4", vulnerable: false, }, { criteria: "cpe:2.3:h:hp:chromebook_11_g2:-:*:*:*:*:*:*:*", matchCriteriaId: "433AC4ED-752F-4B33-A294-CF2A82D8C12C", vulnerable: false, }, { criteria: "cpe:2.3:h:hp:chromebook_11_g3:-:*:*:*:*:*:*:*", matchCriteriaId: "9AC8BDF0-F181-491D-88E7-8DD1FB5DC217", vulnerable: false, }, { criteria: "cpe:2.3:h:hp:chromebook_11_g4\\/g4_ee:-:*:*:*:*:*:*:*", matchCriteriaId: "A50F3009-FD55-454D-8BBB-C8CC7B692092", vulnerable: false, }, { criteria: "cpe:2.3:h:hp:chromebook_11_g5:-:*:*:*:*:*:*:*", matchCriteriaId: "F2A8ECDE-FA43-42C8-A866-24909A2ACA1E", vulnerable: false, }, { criteria: "cpe:2.3:h:hp:chromebook_11_g5_ee:-:*:*:*:*:*:*:*", matchCriteriaId: "26C827F6-3C93-48DB-B8EE-4C8B715CC66C", vulnerable: false, }, { criteria: "cpe:2.3:h:hp:chromebook_13_g1:-:*:*:*:*:*:*:*", matchCriteriaId: "FC73A69B-777B-498E-B7C9-2D98D26E4864", vulnerable: false, }, { criteria: "cpe:2.3:h:hp:chromebook_14:-:*:*:*:*:*:*:*", matchCriteriaId: "8BB89A0E-A308-4FAC-8FF6-83B3A932D549", vulnerable: false, }, { criteria: "cpe:2.3:h:hp:chromebook_14_ak000-099:-:*:*:*:*:*:*:*", matchCriteriaId: "808093B3-07B4-48DE-9784-0ABA100187F8", vulnerable: false, }, { criteria: "cpe:2.3:h:hp:chromebook_14_g3:-:*:*:*:*:*:*:*", matchCriteriaId: "AB8B82E0-BE77-4A6F-B867-AE51E775146D", vulnerable: false, }, { criteria: "cpe:2.3:h:hp:chromebook_14_g4:-:*:*:*:*:*:*:*", matchCriteriaId: "1F00BDBE-F0D2-4B8C-BD8E-C1E52CBE216E", vulnerable: false, }, { criteria: "cpe:2.3:h:hp:chromebook_14_x000-x999:-:*:*:*:*:*:*:*", matchCriteriaId: "4233E3FD-B9A5-43BF-9C7F-80BF7446CD5D", vulnerable: false, }, { criteria: "cpe:2.3:h:hp:chromebox_cb1-\\(000-099\\):-:*:*:*:*:*:*:*", matchCriteriaId: "B4DB5A7A-310D-442F-BE25-41A573EC8341", vulnerable: false, }, { criteria: "cpe:2.3:h:hp:chromebox_g1:-:*:*:*:*:*:*:*", matchCriteriaId: "71390570-8953-493B-9EF7-78D4A9AD0156", vulnerable: false, }, { criteria: "cpe:2.3:h:lenovo:100s_chromebook:-:*:*:*:*:*:*:*", matchCriteriaId: "F3DD500A-CF2D-491A-AD2E-6201899840AE", vulnerable: false, }, { criteria: "cpe:2.3:h:lenovo:n20_chromebook:-:*:*:*:*:*:*:*", matchCriteriaId: "F17AAE58-B621-4737-8045-4ACD5FCB1090", vulnerable: false, }, { criteria: "cpe:2.3:h:lenovo:n21_chromebook:-:*:*:*:*:*:*:*", matchCriteriaId: "86B3EEBB-44DC-4923-AABB-FF3633C570BC", vulnerable: false, }, { criteria: "cpe:2.3:h:lenovo:n22_chromebook:-:*:*:*:*:*:*:*", matchCriteriaId: "CC42851D-E264-40C4-B44C-3CF3AAB3AE41", vulnerable: false, }, { criteria: "cpe:2.3:h:lenovo:n23_chromebook:-:*:*:*:*:*:*:*", matchCriteriaId: "ED745A48-294A-4FB7-A845-8B99D3848F54", vulnerable: false, }, { criteria: "cpe:2.3:h:lenovo:n23_flex_11_chromebook:-:*:*:*:*:*:*:*", matchCriteriaId: "59891EF1-7733-4E02-A3D7-F48ECECACF6E", vulnerable: false, }, { criteria: "cpe:2.3:h:lenovo:n23_yoga_11_chromebook:-:*:*:*:*:*:*:*", matchCriteriaId: "612C3ED3-1A90-4E35-A69A-87336107D2FE", vulnerable: false, }, { criteria: "cpe:2.3:h:lenovo:n42_chromebook:-:*:*:*:*:*:*:*", matchCriteriaId: "9F6E4D71-085F-4CF0-A95C-F6A139A7BDD8", vulnerable: false, }, { criteria: "cpe:2.3:h:lenovo:thinkcentre_chromebox:-:*:*:*:*:*:*:*", matchCriteriaId: "5580DCA1-A57C-4A49-99C7-4C31910E8C66", vulnerable: false, }, { criteria: "cpe:2.3:h:lenovo:thinkpad_11e_chromebook:-:*:*:*:*:*:*:*", matchCriteriaId: "9CAE0B2B-A078-4E08-BD4D-2E27E72061B6", vulnerable: false, }, { criteria: "cpe:2.3:h:lenovo:thinkpad_13_chromebook:-:*:*:*:*:*:*:*", matchCriteriaId: "4B481236-6FD6-47CC-925A-1580894DED37", vulnerable: false, }, { criteria: "cpe:2.3:h:lg:chromebase_22cb25s:-:*:*:*:*:*:*:*", matchCriteriaId: "7DE1EB6A-BCE0-443B-843C-83A4A74480FE", vulnerable: false, }, { criteria: "cpe:2.3:h:lg:chromebase_22cv241:-:*:*:*:*:*:*:*", matchCriteriaId: "EDE08B38-D2E4-46FF-BDBF-101516B7F760", vulnerable: false, }, { criteria: "cpe:2.3:h:medion:akoya_s2013:-:*:*:*:*:*:*:*", matchCriteriaId: "1F934EA3-1BEB-4E0F-88BA-2A8519891D1E", vulnerable: false, }, { criteria: "cpe:2.3:h:medion:chromebook_s2015:-:*:*:*:*:*:*:*", matchCriteriaId: "9737D5FA-076F-45CF-BE72-4AC92A16ACE9", vulnerable: false, }, { criteria: "cpe:2.3:h:mercer:chromebook:-:*:*:*:*:*:*:*", matchCriteriaId: "51F7E626-C417-4164-93E8-86FF2CA81210", vulnerable: false, }, { criteria: "cpe:2.3:h:mercer:v2_chromebook:-:*:*:*:*:*:*:*", matchCriteriaId: "35C6DD3A-6622-41B3-B716-9020DE5674A8", vulnerable: false, }, { criteria: "cpe:2.3:h:ncomputing:chromebook_cx100:-:*:*:*:*:*:*:*", matchCriteriaId: "F7D02136-E17B-4D4F-9773-14B0E3CF674A", vulnerable: false, }, { criteria: "cpe:2.3:h:nexian:chromebook:-:*:*:*:*:*:*:*", matchCriteriaId: "993BF4EC-0564-47D8-A920-37D4D2FF1F6B", vulnerable: false, }, { criteria: "cpe:2.3:h:pcmerge:chromebook_pcm-116t-432b:-:*:*:*:*:*:*:*", matchCriteriaId: "43E3E313-4177-4791-A405-36A9E20023E1", vulnerable: false, }, { criteria: "cpe:2.3:h:poin2:chromebook_11:-:*:*:*:*:*:*:*", matchCriteriaId: "FE1EABBA-125A-48D2-A851-CAF5AEB3FF0C", vulnerable: false, }, { criteria: "cpe:2.3:h:poin2:chromebook_14:-:*:*:*:*:*:*:*", matchCriteriaId: "D92963A3-720A-495E-8EEF-D96B782CF4F3", vulnerable: false, }, { criteria: "cpe:2.3:h:positivo:chromebook_ch1190:-:*:*:*:*:*:*:*", matchCriteriaId: "E62BD4DE-D78E-4C70-A54C-7655E1418073", vulnerable: false, }, { criteria: "cpe:2.3:h:prowise:entry_line_chromebook:-:*:*:*:*:*:*:*", matchCriteriaId: "A5803975-6443-49F0-B2E2-2CE362F15B0B", vulnerable: false, }, { criteria: "cpe:2.3:h:prowise:proline_chromebook:-:*:*:*:*:*:*:*", matchCriteriaId: "5510D58D-A29E-426B-98B8-D3FF0DF05728", vulnerable: false, }, { criteria: "cpe:2.3:h:rgs:education_chromebook:-:*:*:*:*:*:*:*", matchCriteriaId: "D29D3147-8560-4380-8940-AC2B1CE76B95", vulnerable: false, }, { criteria: "cpe:2.3:h:samsung:chromebook_2_11:-:*:*:*:*:*:*:*", matchCriteriaId: "F4116587-2E83-4ABA-8B9A-E0A80C3B6A1E", vulnerable: false, }, { criteria: "cpe:2.3:h:samsung:chromebook_2_11_xe500c12:-:*:*:*:*:*:*:*", matchCriteriaId: "813366C6-684F-4A0E-BCDE-C8A4A389B905", vulnerable: false, }, { criteria: "cpe:2.3:h:samsung:chromebook_2_13:-:*:*:*:*:*:*:*", matchCriteriaId: "B2F0A50F-4D99-434E-B198-3AE48B5E7413", vulnerable: false, }, { criteria: "cpe:2.3:h:samsung:chromebook_3:-:*:*:*:*:*:*:*", matchCriteriaId: "9246074B-C1F2-494D-B4BB-0F7BB3CAF688", vulnerable: false, }, { criteria: "cpe:2.3:h:samsung:chromebook_plus:-:*:*:*:*:*:*:*", matchCriteriaId: "BF56D6E5-4F7B-45E4-A35A-0AD13B045580", vulnerable: false, }, { criteria: "cpe:2.3:h:samsung:chromebook_pro:-:*:*:*:*:*:*:*", matchCriteriaId: "881D9BFA-8ACA-4188-A72A-BE48AFEED4F7", vulnerable: false, }, { criteria: "cpe:2.3:h:sector-five:e1_rugged_chromebook:-:*:*:*:*:*:*:*", matchCriteriaId: "99E9041D-FA9A-4FDF-B5CF-DC479FA982A6", vulnerable: false, }, { criteria: "cpe:2.3:h:senkatel:c1101_chromebook:-:*:*:*:*:*:*:*", matchCriteriaId: "F2E5D8DD-4BC2-4E5A-854F-E24AE48B1FE0", vulnerable: false, }, { criteria: "cpe:2.3:h:toshiba:chromebook:-:*:*:*:*:*:*:*", matchCriteriaId: "B7535529-897C-4D66-87FF-638DA60D7E3D", vulnerable: false, }, { criteria: "cpe:2.3:h:toshiba:chromebook_2:-:*:*:*:*:*:*:*", matchCriteriaId: "42996DF5-8D88-4D65-827E-59AC8FAE90EB", vulnerable: false, }, { criteria: "cpe:2.3:h:toshiba:chromebook_2:-:*:2015:*:*:*:*:*", matchCriteriaId: "BA9D7740-2232-4ACC-861F-58CD3F4ABCDD", vulnerable: false, }, { criteria: "cpe:2.3:h:true:idc_chromebook:-:*:*:*:*:*:*:*", matchCriteriaId: "1EF68C69-3504-4209-BE16-33F7537C7D1E", vulnerable: false, }, { criteria: "cpe:2.3:h:true:idc_chromebook_11:-:*:*:*:*:*:*:*", matchCriteriaId: "9AEFDE24-B175-4DA2-AD5A-37F42DF3AF8A", vulnerable: false, }, { criteria: "cpe:2.3:h:videonet:chromebook:-:*:*:*:*:*:*:*", matchCriteriaId: "8D2C8ABD-12F1-4710-B6D6-DF8ADCC37CED", vulnerable: false, }, { criteria: "cpe:2.3:h:videonet:chromebook_bl10:-:*:*:*:*:*:*:*", matchCriteriaId: "0EAB3D5B-99CF-48C8-A543-2672AEAB1362", vulnerable: false, }, { criteria: "cpe:2.3:h:viglen:chromebook_11:-:*:*:*:*:*:*:*", matchCriteriaId: "9D42B185-D644-4149-8616-DC292A8D3AF2", vulnerable: false, }, { criteria: "cpe:2.3:h:viglen:chromebook_360:-:*:*:*:*:*:*:*", matchCriteriaId: "75761B52-09E9-4B04-8E6A-0928439E429C", vulnerable: false, }, { criteria: "cpe:2.3:h:xolo:chromebook:-:*:*:*:*:*:*:*", matchCriteriaId: "65407B5D-E6DD-4994-813C-BD5543111FBB", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:infineon:rsa_library:*:*:*:*:*:*:*:*", matchCriteriaId: "43DDE644-1B5C-4B9E-9E91-1F9F2A1185D4", versionEndIncluding: "1.02.013", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.", }, { lang: "es", value: "La librerÃa Infineon RSA 1.02.013 en firmware Infineon Trusted Platform Module (TPM) como las versiones anteriores a la 0000000000000422 - 4.34, anteriores a la 000000000000062b - 6.43 y anteriores a la 0000000000008521 - 133.33, gestiona de manera incorrecta la generación de claves RSA, lo que hace que sea más fácil para los atacantes superar varios mecanismos de protección criptográfica mediante ataques dirigidos, conocido como ROCA. Ejemplos de las tecnologÃas afectadas son BitLocker con TPM 1.2, la generación de claves PGP con YubiKey 4 (en versiones anteriores a la 4.3.5) y la caracterÃstica de cifrado Cached User Data en Chrome OS.", }, ], id: "CVE-2017-15361", lastModified: "2024-11-21T03:14:32.883", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 4.3, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:M/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.2, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2017-10-16T17:29:00.243", references: [ { source: "cve@mitre.org", tags: [ "Mitigation", "Third Party Advisory", ], url: "http://support.lenovo.com/us/en/product_security/LEN-15552", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/101484", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/", }, { source: "cve@mitre.org", url: "https://blog.cr.yp.to/20171105-infineon.html", }, { source: "cve@mitre.org", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Mitigation", "Third Party Advisory", ], url: "https://crocs.fi.muni.cz/public/papers/rsa_ccs17", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/", }, { source: "cve@mitre.org", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://github.com/crocs-muni/roca", }, { source: "cve@mitre.org", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://github.com/iadgov/Detect-CVE-2017-15361-TPM", }, { source: "cve@mitre.org", url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Mitigation", "Third Party Advisory", ], url: "https://keychest.net/roca", }, { source: "cve@mitre.org", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://monitor.certipath.com/rsatest", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012", }, { source: "cve@mitre.org", url: "https://security.netapp.com/advisory/ntap-20171024-0001/", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Mitigation", "Patch", "Third Party Advisory", ], url: "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update", }, { source: "cve@mitre.org", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03789en_us", }, { source: "cve@mitre.org", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03801en_us", }, { source: "cve@mitre.org", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160", }, { source: "cve@mitre.org", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html", }, { source: "cve@mitre.org", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html", }, { source: "cve@mitre.org", tags: [ "Issue Tracking", "Mitigation", "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/307015", }, { source: "cve@mitre.org", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://www.yubico.com/support/security-advisories/ysa-2017-01/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Third Party Advisory", ], url: "http://support.lenovo.com/us/en/product_security/LEN-15552", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "http://www.securityfocus.com/bid/101484", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://blog.cr.yp.to/20171105-infineon.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mitigation", "Third Party Advisory", ], url: "https://crocs.fi.muni.cz/public/papers/rsa_ccs17", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Third Party Advisory", ], url: "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://github.com/crocs-muni/roca", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://github.com/iadgov/Detect-CVE-2017-15361-TPM", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mitigation", "Third Party Advisory", ], url: "https://keychest.net/roca", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://monitor.certipath.com/rsatest", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://security.netapp.com/advisory/ntap-20171024-0001/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mitigation", "Patch", "Third Party Advisory", ], url: "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03789en_us", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03801en_us", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Vendor Advisory", ], url: "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Mitigation", "Third Party Advisory", "US Government Resource", ], url: "https://www.kb.cert.org/vuls/id/307015", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mitigation", "Third Party Advisory", ], url: "https://www.yubico.com/support/security-advisories/ysa-2017-01/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2017-15361
Vulnerability from cvelistv5
Published
2017-10-16 17:00
Modified
2024-08-05 19:57
Severity ?
EPSS score ?
Summary
The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T19:57:25.602Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://blog.cr.yp.to/20171105-infineon.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03801en_us", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://monitor.certipath.com/rsatest", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://crocs.fi.muni.cz/public/papers/rsa_ccs17", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://support.lenovo.com/us/en/product_security/LEN-15552", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20171024-0001/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/iadgov/Detect-CVE-2017-15361-TPM", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html", }, { name: "VU#307015", tags: [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred", ], url: "https://www.kb.cert.org/vuls/id/307015", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/crocs-muni/roca", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03789en_us", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://www.yubico.com/support/security-advisories/ysa-2017-01/", }, { name: "101484", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/101484", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://keychest.net/roca", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2017-10-16T00:00:00", descriptions: [ { lang: "en", value: "The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-09-14T20:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160", }, { tags: [ "x_refsource_MISC", ], url: "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/", }, { tags: [ "x_refsource_MISC", ], url: "https://blog.cr.yp.to/20171105-infineon.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03801en_us", }, { tags: [ "x_refsource_MISC", ], url: "https://monitor.certipath.com/rsatest", }, { tags: [ "x_refsource_MISC", ], url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01", }, { tags: [ "x_refsource_MISC", ], url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012", }, { tags: [ "x_refsource_MISC", ], url: "https://crocs.fi.muni.cz/public/papers/rsa_ccs17", }, { tags: [ "x_refsource_MISC", ], url: "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://support.lenovo.com/us/en/product_security/LEN-15552", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20171024-0001/", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/iadgov/Detect-CVE-2017-15361-TPM", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html", }, { name: "VU#307015", tags: [ "third-party-advisory", "x_refsource_CERT-VN", ], url: "https://www.kb.cert.org/vuls/id/307015", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/crocs-muni/roca", }, { tags: [ "x_refsource_MISC", ], url: "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03789en_us", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://www.yubico.com/support/security-advisories/ysa-2017-01/", }, { name: "101484", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/101484", }, { tags: [ "x_refsource_MISC", ], url: "https://keychest.net/roca", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2017-15361", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160", refsource: "MISC", url: "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160", }, { name: "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/", refsource: "MISC", url: "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/", }, { name: "https://blog.cr.yp.to/20171105-infineon.html", refsource: "MISC", url: "https://blog.cr.yp.to/20171105-infineon.html", }, { name: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03801en_us", refsource: "CONFIRM", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03801en_us", }, { name: "https://monitor.certipath.com/rsatest", refsource: "MISC", url: "https://monitor.certipath.com/rsatest", }, { name: "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01", refsource: "MISC", url: "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01", }, { name: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012", refsource: "MISC", url: "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012", }, { name: "https://crocs.fi.muni.cz/public/papers/rsa_ccs17", refsource: "MISC", url: "https://crocs.fi.muni.cz/public/papers/rsa_ccs17", }, { name: "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/", refsource: "MISC", url: "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/", }, { name: "http://support.lenovo.com/us/en/product_security/LEN-15552", refsource: "CONFIRM", url: "http://support.lenovo.com/us/en/product_security/LEN-15552", }, { name: "https://security.netapp.com/advisory/ntap-20171024-0001/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20171024-0001/", }, { name: "https://github.com/iadgov/Detect-CVE-2017-15361-TPM", refsource: "MISC", url: "https://github.com/iadgov/Detect-CVE-2017-15361-TPM", }, { name: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html", refsource: "CONFIRM", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html", }, { name: "VU#307015", refsource: "CERT-VN", url: "https://www.kb.cert.org/vuls/id/307015", }, { name: "https://github.com/crocs-muni/roca", refsource: "MISC", url: "https://github.com/crocs-muni/roca", }, { name: "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update", refsource: "MISC", url: "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update", }, { name: "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf", refsource: "CONFIRM", url: "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf", }, { name: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03789en_us", refsource: "CONFIRM", url: "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03789en_us", }, { name: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html", refsource: "CONFIRM", url: "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html", }, { name: "https://www.yubico.com/support/security-advisories/ysa-2017-01/", refsource: "CONFIRM", url: "https://www.yubico.com/support/security-advisories/ysa-2017-01/", }, { name: "101484", refsource: "BID", url: "http://www.securityfocus.com/bid/101484", }, { name: "https://keychest.net/roca", refsource: "MISC", url: "https://keychest.net/roca", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2017-15361", datePublished: "2017-10-16T17:00:00", dateReserved: "2017-10-15T00:00:00", dateUpdated: "2024-08-05T19:57:25.602Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }