{ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15361", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160", "refsource": "MISC", "url": "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160" }, { "name": "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/", "refsource": "MISC", "url": "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/" }, { "name": "https://blog.cr.yp.to/20171105-infineon.html", "refsource": "MISC", "url": "https://blog.cr.yp.to/20171105-infineon.html" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03801en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03801en_us" }, { "name": "https://monitor.certipath.com/rsatest", "refsource": "MISC", "url": "https://monitor.certipath.com/rsatest" }, { "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01", "refsource": "MISC", "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01" }, { "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012", "refsource": "MISC", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012" }, { "name": "https://crocs.fi.muni.cz/public/papers/rsa_ccs17", "refsource": "MISC", "url": "https://crocs.fi.muni.cz/public/papers/rsa_ccs17" }, { "name": "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/", "refsource": "MISC", "url": "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/" }, { "name": "http://support.lenovo.com/us/en/product_security/LEN-15552", "refsource": "CONFIRM", "url": "http://support.lenovo.com/us/en/product_security/LEN-15552" }, { "name": "https://security.netapp.com/advisory/ntap-20171024-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20171024-0001/" }, { "name": "https://github.com/iadgov/Detect-CVE-2017-15361-TPM", "refsource": "MISC", "url": "https://github.com/iadgov/Detect-CVE-2017-15361-TPM" }, { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html", "refsource": "CONFIRM", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html" }, { "name": "VU#307015", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/307015" }, { "name": "https://github.com/crocs-muni/roca", "refsource": "MISC", "url": "https://github.com/crocs-muni/roca" }, { "name": "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update", "refsource": "MISC", "url": "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03789en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03789en_us" }, { "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html", "refsource": "CONFIRM", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html" }, { "name": "https://www.yubico.com/support/security-advisories/ysa-2017-01/", "refsource": "CONFIRM", "url": "https://www.yubico.com/support/security-advisories/ysa-2017-01/" }, { "name": "101484", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101484" }, { "name": "https://keychest.net/roca", "refsource": "MISC", "url": "https://keychest.net/roca" } ] } }