VAR-201807-0270
Vulnerability from variot - Updated: 2023-12-18 12:01Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. Devices that make use of Das U-Boot's AES-CBC encryption feature using environment encryption (i.e., setting the configuration parameter CONFIG_ENV_AES=y) read environment variables from disk as the encrypted disk image is processed. An attacker with physical access to the device can manipulate the encrypted environment data to include a crafted two-byte sequence which triggers an error in environment variable parsing. This error condition is improperly handled by Das U-Boot, resulting in an immediate process termination with a debugging message. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector and improper handling of an error condition may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt the data. Das U-Boot of AES-CBC Multiple vulnerabilities exist in cryptographic implementations. Das U-Boot of AES-CBC Multiple vulnerabilities exist in the encryption implementation: CBC The initialization vector value used in the mode is not random (CWE-329) - CVE-2017-3225 Das U-Boot of AES-CBC In encryption, the value of the initialization vector 0 using. The attacker Das U-Boot Information may be obtained by performing a dictionary attack on the encrypted data created in. As a result, an attacker could decrypt the content on your device or possibly tamper with it.An attacker with access to the device may be able to decrypt the content on the device. An attacker can exploit these issues to gain access to sensitive information or may perform certain unauthorized actions; this may lead to further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-0270",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "u-boot",
"scope": "lt",
"trust": 1.0,
"vendor": "denx",
"version": "2017.09"
},
{
"model": "u-boot",
"scope": null,
"trust": 0.8,
"vendor": "denx engineering",
"version": null
},
{
"model": "das u-boot",
"scope": "eq",
"trust": 0.3,
"vendor": "u boot",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "100675"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010588"
},
{
"db": "NVD",
"id": "CVE-2017-3226"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:denx:u-boot:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2017.09",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3226"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Allan Xavier",
"sources": [
{
"db": "BID",
"id": "100675"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-517"
}
],
"trust": 0.9
},
"cve": "CVE-2017-3226",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Local",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.6,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2017-010588",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.5,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Physical",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.7,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-010588",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-3226",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2017-010588",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-517",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010588"
},
{
"db": "NVD",
"id": "CVE-2017-3226"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-517"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. Devices that make use of Das U-Boot\u0027s AES-CBC encryption feature using environment encryption (i.e., setting the configuration parameter CONFIG_ENV_AES=y) read environment variables from disk as the encrypted disk image is processed. An attacker with physical access to the device can manipulate the encrypted environment data to include a crafted two-byte sequence which triggers an error in environment variable parsing. This error condition is improperly handled by Das U-Boot, resulting in an immediate process termination with a debugging message. For devices utilizing this environment encryption mode, U-Boot\u0027s use of a zero initialization vector and improper handling of an error condition may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt the data. Das U-Boot of AES-CBC Multiple vulnerabilities exist in cryptographic implementations. Das U-Boot of AES-CBC Multiple vulnerabilities exist in the encryption implementation: CBC The initialization vector value used in the mode is not random (CWE-329) - CVE-2017-3225 Das U-Boot of AES-CBC In encryption, the value of the initialization vector 0 using. The attacker Das U-Boot Information may be obtained by performing a dictionary attack on the encrypted data created in. As a result, an attacker could decrypt the content on your device or possibly tamper with it.An attacker with access to the device may be able to decrypt the content on the device. \nAn attacker can exploit these issues to gain access to sensitive information or may perform certain unauthorized actions; this may lead to further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-3226"
},
{
"db": "CERT/CC",
"id": "VU#166743"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010588"
},
{
"db": "BID",
"id": "100675"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#166743",
"trust": 3.5
},
{
"db": "NVD",
"id": "CVE-2017-3226",
"trust": 2.7
},
{
"db": "BID",
"id": "100675",
"trust": 1.9
},
{
"db": "JVN",
"id": "JVNVU96769287",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010588",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-517",
"trust": 0.6
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#166743"
},
{
"db": "BID",
"id": "100675"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010588"
},
{
"db": "NVD",
"id": "CVE-2017-3226"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-517"
}
]
},
"id": "VAR-201807-0270",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.26666668
},
"last_update_date": "2023-12-18T12:01:46.600000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "env: Migrate CONFIG_ENV_AES to Kconfig and deprecate",
"trust": 0.8,
"url": "http://git.denx.de/?p=u-boot.git;a=commit;h=5eb35220b2cbeac79af8d73c696f5930a755c5bd"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010588"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.0
},
{
"problemtype": "CWE-329",
"trust": 0.8
},
{
"problemtype": "CWE-208",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-010588"
},
{
"db": "NVD",
"id": "CVE-2017-3226"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://www.kb.cert.org/vuls/id/166743"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/100675"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/208.html"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/329.html"
},
{
"trust": 0.8,
"url": "http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2017-444.htm"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3225"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3226"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu96769287/index.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3225"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-3226"
},
{
"trust": 0.3,
"url": "https://www.denx.de/wiki/u-boot/webhome"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#166743"
},
{
"db": "BID",
"id": "100675"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010588"
},
{
"db": "NVD",
"id": "CVE-2017-3226"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-517"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#166743"
},
{
"db": "BID",
"id": "100675"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-010588"
},
{
"db": "NVD",
"id": "CVE-2017-3226"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-517"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-08T00:00:00",
"db": "CERT/CC",
"id": "VU#166743"
},
{
"date": "2017-09-08T00:00:00",
"db": "BID",
"id": "100675"
},
{
"date": "2017-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010588"
},
{
"date": "2018-07-24T15:29:00.983000",
"db": "NVD",
"id": "CVE-2017-3226"
},
{
"date": "2017-09-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-517"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-12T00:00:00",
"db": "CERT/CC",
"id": "VU#166743"
},
{
"date": "2017-09-08T00:00:00",
"db": "BID",
"id": "100675"
},
{
"date": "2019-07-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-010588"
},
{
"date": "2019-10-09T23:27:25.367000",
"db": "NVD",
"id": "CVE-2017-3226"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-517"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-517"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Das U-Boot AES-CBC encryption implementation contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#166743"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-517"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…