VAR-201912-0695
Vulnerability from variot - Updated: 2023-12-18 13:43Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing registrations. This vulnerability can be exploited by unauthenticated attackers and the interface is reachable via WebUSB. ShapeShift KeepKey hardware wallet Contains a vulnerability related to incomplete data integrity verification.Information may be tampered with. ShapeShift KeepKey is an e-wallet device for cryptocurrency storage.
There is an unknown vulnerability in the ShapeShift KeepKey finite state machine, which is caused by the program not being fully verified. An attacker could use this vulnerability to reset a part of the encryption key to a known value using a specially crafted message
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-0695",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "keepkey",
"scope": "lt",
"trust": 1.6,
"vendor": "shapeshift",
"version": "6.2.2"
},
{
"model": "keepkey",
"scope": "eq",
"trust": 0.8,
"vendor": "key hodlers",
"version": "6.2.2"
},
{
"model": "keepkey",
"scope": "eq",
"trust": 0.6,
"vendor": "shapeshift",
"version": "4.0.0"
},
{
"model": "keepkey",
"scope": "eq",
"trust": 0.6,
"vendor": "shapeshift",
"version": "3.1.0"
},
{
"model": "keepkey",
"scope": "eq",
"trust": 0.6,
"vendor": "shapeshift",
"version": "5.1.2"
},
{
"model": "keepkey",
"scope": "eq",
"trust": 0.6,
"vendor": "shapeshift",
"version": "5.1.0"
},
{
"model": "keepkey",
"scope": "eq",
"trust": 0.6,
"vendor": "shapeshift",
"version": "4.0.3"
},
{
"model": "keepkey",
"scope": "eq",
"trust": 0.6,
"vendor": "shapeshift",
"version": "5.0.0"
},
{
"model": "keepkey",
"scope": "eq",
"trust": 0.6,
"vendor": "shapeshift",
"version": "5.1.1"
},
{
"model": "keepkey",
"scope": "eq",
"trust": 0.6,
"vendor": "shapeshift",
"version": "5.0.1"
},
{
"model": "keepkey",
"scope": "eq",
"trust": 0.6,
"vendor": "shapeshift",
"version": "5.2.4"
},
{
"model": "keepkey",
"scope": "eq",
"trust": 0.6,
"vendor": "shapeshift",
"version": "4.0.1"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-00494"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013332"
},
{
"db": "NVD",
"id": "CVE-2019-18672"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-269"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:shapeshift:keepkey_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "6.2.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:shapeshift:keepkey_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18672"
}
]
},
"cve": "CVE-2019-18672",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-18672",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-00494",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-18672",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-18672",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2020-00494",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-269",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-00494"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013332"
},
{
"db": "NVD",
"id": "CVE-2019-18672"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-269"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Insufficient checks in the finite state machine of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow a partial reset of cryptographic secrets to known values via crafted messages. Notably, this breaks the security of U2F for new server registrations and invalidates existing registrations. This vulnerability can be exploited by unauthenticated attackers and the interface is reachable via WebUSB. ShapeShift KeepKey hardware wallet Contains a vulnerability related to incomplete data integrity verification.Information may be tampered with. ShapeShift KeepKey is an e-wallet device for cryptocurrency storage. \n\nThere is an unknown vulnerability in the ShapeShift KeepKey finite state machine, which is caused by the program not being fully verified. An attacker could use this vulnerability to reset a part of the encryption key to a known value using a specially crafted message",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18672"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013332"
},
{
"db": "CNVD",
"id": "CNVD-2020-00494"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-18672",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013332",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-00494",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201912-269",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-00494"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013332"
},
{
"db": "NVD",
"id": "CVE-2019-18672"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-269"
}
]
},
"id": "VAR-201912-0695",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-00494"
}
],
"trust": 1.1
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-00494"
}
]
},
"last_update_date": "2023-12-18T13:43:09.569000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "firmware: stronger recovery state machine checks",
"trust": 0.8,
"url": "https://github.com/keepkey/keepkey-firmware/commit/769714fcb569e7a4faff9530a2d9ac1f9d6e5680"
},
{
"title": "Patch for Unknown vulnerability in ShapeShift KeepKey finite state machine",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/195943"
},
{
"title": "ShapeShift KeepKey finite state machine Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=105468"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-00494"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013332"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-269"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-354",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013332"
},
{
"db": "NVD",
"id": "CVE-2019-18672"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18672"
},
{
"trust": 1.6,
"url": "https://blog.inhq.net/posts/keepkey-cve-2019-18672/"
},
{
"trust": 1.6,
"url": "https://github.com/keepkey/keepkey-firmware/commit/769714fcb569e7a4faff9530a2d9ac1f9d6e5680"
},
{
"trust": 1.6,
"url": "https://medium.com/shapeshift-stories/keepkey-release-notes-v-6f7d2ec78065"
},
{
"trust": 1.6,
"url": "https://medium.com/shapeshift-stories/shapeshift-security-update-8ec89bb1b4e3"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18672"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-00494"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013332"
},
{
"db": "NVD",
"id": "CVE-2019-18672"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-269"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-00494"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013332"
},
{
"db": "NVD",
"id": "CVE-2019-18672"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-269"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-00494"
},
{
"date": "2019-12-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013332"
},
{
"date": "2019-12-06T18:15:12.700000",
"db": "NVD",
"id": "CVE-2019-18672"
},
{
"date": "2019-12-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-269"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-00494"
},
{
"date": "2019-12-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013332"
},
{
"date": "2020-03-02T15:15:10.857000",
"db": "NVD",
"id": "CVE-2019-18672"
},
{
"date": "2020-03-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-269"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-269"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ShapeShift KeepKey hardware wallet Vulnerabilities related to incomplete data integrity verification",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013332"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-269"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…