Vulnerability-Lookup

CNVD-2020-00494

Vulnerability from cnvd - Published: 2020-01-03

Title

ShapeShift KeepKey finite state machine存在未明漏洞

Description

ShapeShift KeepKey是一款用于加密货币存储的电子钱包设备。 ShapeShift KeepKey finite state machine存在未明漏洞，该漏洞源于程序未进行充足地验证。攻击者可借助特制的消息利用该漏洞将部分加密密钥重置成已知值。

Severity

中

Patch Name

ShapeShift KeepKey finite state machine存在未明漏洞的补丁

Patch Description

ShapeShift KeepKey是一款用于加密货币存储的电子钱包设备。 ShapeShift KeepKey finite state machine存在未明漏洞，该漏洞源于程序未进行充足地验证。攻击者可借助特制的消息利用该漏洞将部分加密密钥重置成已知值。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/keepkey/keepkey-firmware/commit/769714fcb569e7a4faff9530a2d9ac1f9d6e5680

Reference

https://nvd.nist.gov/vuln/detail/CVE-2019-18672

Impacted products

Name
ShapeShift KeepKey <6.2.2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-18672"
    }
  },
  "description": "ShapeShift KeepKey\u662f\u4e00\u6b3e\u7528\u4e8e\u52a0\u5bc6\u8d27\u5e01\u5b58\u50a8\u7684\u7535\u5b50\u94b1\u5305\u8bbe\u5907\u3002\n\nShapeShift KeepKey finite state machine\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u8fdb\u884c\u5145\u8db3\u5730\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u6d88\u606f\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u90e8\u5206\u52a0\u5bc6\u5bc6\u94a5\u91cd\u7f6e\u6210\u5df2\u77e5\u503c\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/keepkey/keepkey-firmware/commit/769714fcb569e7a4faff9530a2d9ac1f9d6e5680",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-00494",
  "openTime": "2020-01-03",
  "patchDescription": "ShapeShift KeepKey\u662f\u4e00\u6b3e\u7528\u4e8e\u52a0\u5bc6\u8d27\u5e01\u5b58\u50a8\u7684\u7535\u5b50\u94b1\u5305\u8bbe\u5907\u3002\r\n\r\nShapeShift KeepKey finite state machine\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u8fdb\u884c\u5145\u8db3\u5730\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u7684\u6d88\u606f\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u90e8\u5206\u52a0\u5bc6\u5bc6\u94a5\u91cd\u7f6e\u6210\u5df2\u77e5\u503c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "ShapeShift KeepKey finite state machine\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "ShapeShift KeepKey \u003c6.2.2"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-18672",
  "serverity": "\u4e2d",
  "submitTime": "2019-12-09",
  "title": "ShapeShift KeepKey finite state machine\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

CVE-2019-18672 (GCVE-0-2019-18672)

Vulnerability from cvelistv5 – Published: 2019-12-06 17:54 – Updated: 2024-08-05 01:54

Summary

Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing registrations. This vulnerability can be exploited by unauthenticated attackers and the interface is reachable via WebUSB.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://medium.com/shapeshift-stories/keepkey-rel…	x_refsource_MISC
	https://github.com/keepkey/keepkey-firmware/commi…	x_refsource_MISC
	https://medium.com/shapeshift-stories/shapeshift-…	x_refsource_CONFIRM
	https://blog.inhq.net/posts/keepkey-CVE-2019-18672/	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:54:14.478Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/shapeshift-stories/keepkey-release-notes-v-6f7d2ec78065"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/keepkey/keepkey-firmware/commit/769714fcb569e7a4faff9530a2d9ac1f9d6e5680"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://medium.com/shapeshift-stories/shapeshift-security-update-8ec89bb1b4e3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.inhq.net/posts/keepkey-CVE-2019-18672/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing registrations. This vulnerability can be exploited by unauthenticated attackers and the interface is reachable via WebUSB."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-02T14:03:52",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/shapeshift-stories/keepkey-release-notes-v-6f7d2ec78065"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/keepkey/keepkey-firmware/commit/769714fcb569e7a4faff9530a2d9ac1f9d6e5680"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://medium.com/shapeshift-stories/shapeshift-security-update-8ec89bb1b4e3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.inhq.net/posts/keepkey-CVE-2019-18672/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-18672",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing registrations. This vulnerability can be exploited by unauthenticated attackers and the interface is reachable via WebUSB."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://medium.com/shapeshift-stories/keepkey-release-notes-v-6f7d2ec78065",
              "refsource": "MISC",
              "url": "https://medium.com/shapeshift-stories/keepkey-release-notes-v-6f7d2ec78065"
            },
            {
              "name": "https://github.com/keepkey/keepkey-firmware/commit/769714fcb569e7a4faff9530a2d9ac1f9d6e5680",
              "refsource": "MISC",
              "url": "https://github.com/keepkey/keepkey-firmware/commit/769714fcb569e7a4faff9530a2d9ac1f9d6e5680"
            },
            {
              "name": "https://medium.com/shapeshift-stories/shapeshift-security-update-8ec89bb1b4e3",
              "refsource": "CONFIRM",
              "url": "https://medium.com/shapeshift-stories/shapeshift-security-update-8ec89bb1b4e3"
            },
            {
              "name": "https://blog.inhq.net/posts/keepkey-CVE-2019-18672/",
              "refsource": "MISC",
              "url": "https://blog.inhq.net/posts/keepkey-CVE-2019-18672/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-18672",
    "datePublished": "2019-12-06T17:54:54",
    "dateReserved": "2019-11-02T00:00:00",
    "dateUpdated": "2024-08-05T01:54:14.478Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-00494

CVE-2019-18672 (GCVE-0-2019-18672)

Tags

Sightings

Nomenclature