All the vulnerabilites related to trustedcomputinggroup - trusted_platform_module
Vulnerability from fkie_nvd
Published
2020-11-18 17:15
Modified
2024-11-21 05:20
Severity ?
7.2 (High) - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
6.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Summary
Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 through 1.59 has Incorrect Access Control during a non-orderly TPM shut-down that uses USE_DA_USED. Improper initialization of this shut-down may result in susceptibility to a dictionary attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trustedcomputinggroup | trusted_platform_module | 2.0 | |
| trustedcomputinggroup | trusted_platform_module | 2.0 | |
| trustedcomputinggroup | trusted_platform_module | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:revision_1.38:*:*:*:*:*:*",
"matchCriteriaId": "6F43ED59-0C7E-4BBB-8931-4033AEC36269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:revision_1.40:*:*:*:*:*:*",
"matchCriteriaId": "BC9AD1C2-5D7E-47FC-9B79-E57FE917FD0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:revision_1.59:*:*:*:*:*:*",
"matchCriteriaId": "2FC8BA48-73AA-483B-9276-A0605B15F22F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 through 1.59 has Incorrect Access Control during a non-orderly TPM shut-down that uses USE_DA_USED. Improper initialization of this shut-down may result in susceptibility to a dictionary attack."
},
{
"lang": "es",
"value": "Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification Revisions versiones 1.38 hasta 1.59, presenta un Control de Acceso Inapropiado durante un apagado no ordenado de TPM que usa USE_DA_USED.\u0026#xa0;Una inicializaci\u00f3n inapropiada de este apagado puede resultar en una susceptibilidad a un ataque de tipo dictionary"
}
],
"id": "CVE-2020-26933",
"lastModified": "2024-11-21T05:20:31.877",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.8,
"source": "cve@mitre.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-11-18T17:15:11.680",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://trustedcomputinggroup.org/about/security/"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT004-Advisory-FINAL.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://trustedcomputinggroup.org/about/security/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT004-Advisory-FINAL.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-665"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-28 19:15
Modified
2024-11-21 07:38
Severity ?
Summary
An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | https://kb.cert.org/vuls/id/782720 | Third Party Advisory, US Government Resource | |
| cret@cert.org | https://trustedcomputinggroup.org/about/security/ | Vendor Advisory | |
| cret@cert.org | https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cert.org/vuls/id/782720 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://trustedcomputinggroup.org/about/security/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:revision_1.16:*:*:*:*:*:*",
"matchCriteriaId": "AC453113-CAE8-44B0-8306-7BB854B77EB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:revision_1.38:*:*:*:*:*:*",
"matchCriteriaId": "6F43ED59-0C7E-4BBB-8931-4033AEC36269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:revision_1.59:*:*:*:*:*:*",
"matchCriteriaId": "2FC8BA48-73AA-483B-9276-A0605B15F22F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "3FE6559F-B4C0-4188-86CB-4DB6FBB85A5C",
"versionEndExcluding": "10.0.10240.19805",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "93CEF0C6-6B6E-4157-A763-89F570FE0AB7",
"versionEndExcluding": "10.0.14393.5786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "3001E324-7A3C-4EEB-86DC-E79471F752BD",
"versionEndExcluding": "10.0.17763.4131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "579AE0F1-E226-4504-9BF8-05E7BAE682D7",
"versionEndExcluding": "10.0.19042.2728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D41F5E5B-D344-41B1-A160-8118DDB623C3",
"versionEndExcluding": "10.0.19044.2728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "BA59AB71-F8C7-49B0-AD2F-F9C00D82C85A",
"versionEndExcluding": "10.0.19045.2728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6D06089A-31F7-44C7-98CB-216ABAD280A4",
"versionEndExcluding": "10.0.22000.1696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "7BB45E5C-C74C-46B1-BE64-4EF90075A3CC",
"versionEndExcluding": "10.0.22621.1413",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40EFB742-9414-4585-A71E-4316D488BFA7",
"versionEndExcluding": "10.0.14393.5786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D19233CA-3830-499D-A4C0-2C023C8AD700",
"versionEndExcluding": "10.0.17763.4131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA73D25B-EB4C-4493-9C79-4F4E181FF95B",
"versionEndExcluding": "10.0.20348.1607",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write vulnerability exists in TPM2.0\u0027s Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context."
}
],
"id": "CVE-2023-1017",
"lastModified": "2024-11-21T07:38:17.637",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-28T19:15:16.657",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/vuls/id/782720"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "https://trustedcomputinggroup.org/about/security/"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/vuls/id/782720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://trustedcomputinggroup.org/about/security/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-08-17 18:29
Modified
2024-11-21 04:11
Severity ?
Summary
An issue was discovered that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 specification. An abnormal case is not handled properly by this firmware while S3 sleep and can clear TPM 2.0. It allows local users to overwrite static PCRs of TPM and neutralize the security features of it, such as seal/unseal and remote attestation.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/105203 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://www.usenix.org/conference/usenixsecurity18/presentation/han | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/105203 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.usenix.org/conference/usenixsecurity18/presentation/han | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| trustedcomputinggroup | trusted_platform_module | 2.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A2D463F2-4773-4E39-ACE7-91610CDCC3B1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 specification. An abnormal case is not handled properly by this firmware while S3 sleep and can clear TPM 2.0. It allows local users to overwrite static PCRs of TPM and neutralize the security features of it, such as seal/unseal and remote attestation."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema que afecta a todos los fabricantes de firmware de BIOS que realizan una cierta interpretaci\u00f3n realista de una porci\u00f3n ofuscada de la especificaci\u00f3n Trusted Platform Module (TPM) de Trusted Computing Group (TCG). Un caso anormal no es manejado correctamente por este firmware mientras S3 est\u00e1 en reposo y puede borrar TPM 2.0. Permite a los usuarios locales sobrescribir PCRs est\u00e1ticos de TPM y neutralizar las caracter\u00edsticas de seguridad de los mismos, como el sellado/desellado y la certificaci\u00f3n remota."
}
],
"id": "CVE-2018-6622",
"lastModified": "2024-11-21T04:11:00.683",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-08-17T18:29:01.227",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105203"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.usenix.org/conference/usenixsecurity18/presentation/han"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/105203"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.usenix.org/conference/usenixsecurity18/presentation/han"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-02-28 18:15
Modified
2024-11-21 07:38
Severity ?
Summary
An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | https://kb.cert.org/vuls/id/782720 | Third Party Advisory, US Government Resource | |
| cret@cert.org | https://trustedcomputinggroup.org/about/security/ | Vendor Advisory | |
| cret@cert.org | https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://kb.cert.org/vuls/id/782720 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://trustedcomputinggroup.org/about/security/ | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:revision_1.16:*:*:*:*:*:*",
"matchCriteriaId": "AC453113-CAE8-44B0-8306-7BB854B77EB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:revision_1.38:*:*:*:*:*:*",
"matchCriteriaId": "6F43ED59-0C7E-4BBB-8931-4033AEC36269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:trustedcomputinggroup:trusted_platform_module:2.0:revision_1.59:*:*:*:*:*:*",
"matchCriteriaId": "2FC8BA48-73AA-483B-9276-A0605B15F22F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "3FE6559F-B4C0-4188-86CB-4DB6FBB85A5C",
"versionEndExcluding": "10.0.10240.19805",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "93CEF0C6-6B6E-4157-A763-89F570FE0AB7",
"versionEndExcluding": "10.0.14393.5786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "3001E324-7A3C-4EEB-86DC-E79471F752BD",
"versionEndExcluding": "10.0.17763.4131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "579AE0F1-E226-4504-9BF8-05E7BAE682D7",
"versionEndExcluding": "10.0.19042.2728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "D41F5E5B-D344-41B1-A160-8118DDB623C3",
"versionEndExcluding": "10.0.19044.2728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "BA59AB71-F8C7-49B0-AD2F-F9C00D82C85A",
"versionEndExcluding": "10.0.19045.2728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "6D06089A-31F7-44C7-98CB-216ABAD280A4",
"versionEndExcluding": "10.0.22000.1696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "7BB45E5C-C74C-46B1-BE64-4EF90075A3CC",
"versionEndExcluding": "10.0.22621.1413",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40EFB742-9414-4585-A71E-4316D488BFA7",
"versionEndExcluding": "10.0.14393.5786",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D19233CA-3830-499D-A4C0-2C023C8AD700",
"versionEndExcluding": "10.0.17763.4131",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA73D25B-EB4C-4493-9C79-4F4E181FF95B",
"versionEndExcluding": "10.0.20348.1607",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read vulnerability exists in TPM2.0\u0027s Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM."
}
],
"id": "CVE-2023-1018",
"lastModified": "2024-11-21T07:38:17.760",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-02-28T18:15:10.290",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/vuls/id/782720"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "https://trustedcomputinggroup.org/about/security/"
},
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://kb.cert.org/vuls/id/782720"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://trustedcomputinggroup.org/about/security/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2020-26933
Vulnerability from cvelistv5
Published
2020-11-18 16:50
Modified
2024-08-04 16:03
Severity ?
EPSS score ?
Summary
Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 through 1.59 has Incorrect Access Control during a non-orderly TPM shut-down that uses USE_DA_USED. Improper initialization of this shut-down may result in susceptibility to a dictionary attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://trustedcomputinggroup.org/about/security/ | x_refsource_MISC | |
| https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT004-Advisory-FINAL.pdf | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:03:23.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trustedcomputinggroup.org/about/security/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT004-Advisory-FINAL.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-11-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 through 1.59 has Incorrect Access Control during a non-orderly TPM shut-down that uses USE_DA_USED. Improper initialization of this shut-down may result in susceptibility to a dictionary attack."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:L/A:N/C:H/I:H/PR:H/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-18T16:50:32",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trustedcomputinggroup.org/about/security/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT004-Advisory-FINAL.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 through 1.59 has Incorrect Access Control during a non-orderly TPM shut-down that uses USE_DA_USED. Improper initialization of this shut-down may result in susceptibility to a dictionary attack."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:H/AV:L/A:N/C:H/I:H/PR:H/S:C/UI:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://trustedcomputinggroup.org/about/security/",
"refsource": "MISC",
"url": "https://trustedcomputinggroup.org/about/security/"
},
{
"name": "https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT004-Advisory-FINAL.pdf",
"refsource": "CONFIRM",
"url": "https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT004-Advisory-FINAL.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-26933",
"datePublished": "2020-11-18T16:50:32",
"dateReserved": "2020-10-10T00:00:00",
"dateUpdated": "2024-08-04T16:03:23.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-6622
Vulnerability from cvelistv5
Published
2018-08-17 18:00
Modified
2024-08-05 06:10
Severity ?
EPSS score ?
Summary
An issue was discovered that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 specification. An abnormal case is not handled properly by this firmware while S3 sleep and can clear TPM 2.0. It allows local users to overwrite static PCRs of TPM and neutralize the security features of it, such as seal/unseal and remote attestation.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/105203 | vdb-entry, x_refsource_BID | |
| https://www.usenix.org/conference/usenixsecurity18/presentation/han | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:10:10.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "105203",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/105203"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.usenix.org/conference/usenixsecurity18/presentation/han"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 specification. An abnormal case is not handled properly by this firmware while S3 sleep and can clear TPM 2.0. It allows local users to overwrite static PCRs of TPM and neutralize the security features of it, such as seal/unseal and remote attestation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-05T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "105203",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/105203"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.usenix.org/conference/usenixsecurity18/presentation/han"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6622",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 specification. An abnormal case is not handled properly by this firmware while S3 sleep and can clear TPM 2.0. It allows local users to overwrite static PCRs of TPM and neutralize the security features of it, such as seal/unseal and remote attestation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105203",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105203"
},
{
"name": "https://www.usenix.org/conference/usenixsecurity18/presentation/han",
"refsource": "MISC",
"url": "https://www.usenix.org/conference/usenixsecurity18/presentation/han"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-6622",
"datePublished": "2018-08-17T18:00:00",
"dateReserved": "2018-02-04T00:00:00",
"dateUpdated": "2024-08-05T06:10:10.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-1017
Vulnerability from cvelistv5
Published
2023-02-28 18:02
Modified
2024-08-02 05:32
Severity ?
EPSS score ?
Summary
An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context.
References
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Trusted Computing Group | TPM2.0 |
Version: 1.59 |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:32:46.125Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TCG TPM2.0 Errata Version 1.4",
"tags": [
"x_transferred"
],
"url": "https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf"
},
{
"name": "TCG Security Advisories",
"tags": [
"x_transferred"
],
"url": "https://trustedcomputinggroup.org/about/security/"
},
{
"name": "CERT/CC Advisory VU#782720",
"tags": [
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/782720"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TPM2.0",
"vendor": "Trusted Computing Group",
"versions": [
{
"status": "affected",
"version": "1.59"
}
]
},
{
"product": "TPM2.0",
"vendor": "Trusted Computing Group",
"versions": [
{
"status": "affected",
"version": "1.38"
}
]
},
{
"product": "TPM2.0",
"vendor": "Trusted Computing Group",
"versions": [
{
"status": "affected",
"version": "1.19"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Francisco Falcon of Quarkslab"
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds write vulnerability exists in TPM2.0\u0027s Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-787 Out-of-bounds Write",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-28T19:09:18.722Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "TCG TPM2.0 Errata Version 1.4 ",
"url": "https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf"
},
{
"name": "TCG Security Advisories",
"url": "https://trustedcomputinggroup.org/about/security/"
},
{
"name": "CERT/CC Advisory VU#782720",
"url": "https://kb.cert.org/vuls/id/782720"
}
],
"source": {
"discovery": "external"
},
"title": "TPM2.0 vulnerable to out-of-bounds write",
"x_generator": {
"engine": "VINCE 2.0.6",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-1017"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2023-1017",
"datePublished": "2023-02-28T18:02:27.064Z",
"dateReserved": "2023-02-24T16:02:22.626Z",
"dateUpdated": "2024-08-02T05:32:46.125Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-1018
Vulnerability from cvelistv5
Published
2023-02-28 17:54
Modified
2024-08-02 05:32
Severity ?
EPSS score ?
Summary
An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM.
References
Impacted products
| Vendor | Product | Version | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Trusted Computing Group | TPM2.0 |
Version: 1.59 |
||||||||
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:32:46.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "TCG TPM2.0 Errata Version 1.4",
"tags": [
"x_transferred"
],
"url": "https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf"
},
{
"name": "TCG Security Advisories",
"tags": [
"x_transferred"
],
"url": "https://trustedcomputinggroup.org/about/security/"
},
{
"name": "CERT/CC Advisory VU#782720",
"tags": [
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/782720"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TPM2.0",
"vendor": "Trusted Computing Group",
"versions": [
{
"status": "affected",
"version": "1.59"
}
]
},
{
"product": "TPM2.0",
"vendor": "Trusted Computing Group",
"versions": [
{
"status": "affected",
"version": "1.38"
}
]
},
{
"product": "TPM2.0",
"vendor": "Trusted Computing Group",
"versions": [
{
"status": "affected",
"version": "1.16"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Francisco Falcon of Quarkslab"
}
],
"descriptions": [
{
"lang": "en",
"value": "An out-of-bounds read vulnerability exists in TPM2.0\u0027s Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-125 Out-of-bounds Read",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-28T19:08:19.512Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "TCG TPM2.0 Errata Version 1.4 ",
"url": "https://trustedcomputinggroup.org/wp-content/uploads/TCGVRT0007-Advisory-FINAL.pdf"
},
{
"name": "TCG Security Advisories",
"url": "https://trustedcomputinggroup.org/about/security/"
},
{
"name": "CERT/CC Advisory VU#782720",
"url": "https://kb.cert.org/vuls/id/782720"
}
],
"source": {
"discovery": "external"
},
"title": "TPM2.0 vulnerable to out-of-bounds read ",
"x_generator": {
"engine": "VINCE 2.0.6",
"env": "prod",
"origin": "https://cveawg.mitre.org/api/cve/CVE-2023-1018"
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2023-1018",
"datePublished": "2023-02-28T17:54:33.260Z",
"dateReserved": "2023-02-24T16:06:48.994Z",
"dateUpdated": "2024-08-02T05:32:46.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}