mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-07-30 18:04:30 +00:00
168 lines
6.7 KiB
JSON
168 lines
6.7 KiB
JSON
{
|
|
"CVE_data_meta" : {
|
|
"ASSIGNER" : "cve@mitre.org",
|
|
"ID" : "CVE-2017-15361",
|
|
"STATE" : "PUBLIC"
|
|
},
|
|
"affects" : {
|
|
"vendor" : {
|
|
"vendor_data" : [
|
|
{
|
|
"product" : {
|
|
"product_data" : [
|
|
{
|
|
"product_name" : "n/a",
|
|
"version" : {
|
|
"version_data" : [
|
|
{
|
|
"version_value" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format" : "MITRE",
|
|
"data_type" : "CVE",
|
|
"data_version" : "4.0",
|
|
"description" : {
|
|
"description_data" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS."
|
|
}
|
|
]
|
|
},
|
|
"problemtype" : {
|
|
"problemtype_data" : [
|
|
{
|
|
"description" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references" : {
|
|
"reference_data" : [
|
|
{
|
|
"name" : "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/",
|
|
"refsource" : "MISC",
|
|
"url" : "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/"
|
|
},
|
|
{
|
|
"name" : "https://blog.cr.yp.to/20171105-infineon.html",
|
|
"refsource" : "MISC",
|
|
"url" : "https://blog.cr.yp.to/20171105-infineon.html"
|
|
},
|
|
{
|
|
"name" : "https://crocs.fi.muni.cz/public/papers/rsa_ccs17",
|
|
"refsource" : "MISC",
|
|
"url" : "https://crocs.fi.muni.cz/public/papers/rsa_ccs17"
|
|
},
|
|
{
|
|
"name" : "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/",
|
|
"refsource" : "MISC",
|
|
"url" : "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/"
|
|
},
|
|
{
|
|
"name" : "https://github.com/iadgov/Detect-CVE-2017-15361-TPM",
|
|
"refsource" : "MISC",
|
|
"url" : "https://github.com/iadgov/Detect-CVE-2017-15361-TPM"
|
|
},
|
|
{
|
|
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01",
|
|
"refsource" : "MISC",
|
|
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01"
|
|
},
|
|
{
|
|
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012",
|
|
"refsource" : "MISC",
|
|
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012"
|
|
},
|
|
{
|
|
"name" : "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update",
|
|
"refsource" : "MISC",
|
|
"url" : "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update"
|
|
},
|
|
{
|
|
"name" : "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160",
|
|
"refsource" : "MISC",
|
|
"url" : "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160"
|
|
},
|
|
{
|
|
"name" : "https://github.com/crocs-muni/roca",
|
|
"refsource" : "MISC",
|
|
"url" : "https://github.com/crocs-muni/roca"
|
|
},
|
|
{
|
|
"name" : "https://keychest.net/roca",
|
|
"refsource" : "MISC",
|
|
"url" : "https://keychest.net/roca"
|
|
},
|
|
{
|
|
"name" : "https://monitor.certipath.com/rsatest",
|
|
"refsource" : "MISC",
|
|
"url" : "https://monitor.certipath.com/rsatest"
|
|
},
|
|
{
|
|
"name" : "http://support.lenovo.com/us/en/product_security/LEN-15552",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "http://support.lenovo.com/us/en/product_security/LEN-15552"
|
|
},
|
|
{
|
|
"name" : "https://www.yubico.com/support/security-advisories/ysa-2017-01/",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "https://www.yubico.com/support/security-advisories/ysa-2017-01/"
|
|
},
|
|
{
|
|
"name" : "https://security.netapp.com/advisory/ntap-20171024-0001/",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "https://security.netapp.com/advisory/ntap-20171024-0001/"
|
|
},
|
|
{
|
|
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03789en_us",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03789en_us"
|
|
},
|
|
{
|
|
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03801en_us",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03801en_us"
|
|
},
|
|
{
|
|
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf"
|
|
},
|
|
{
|
|
"name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html"
|
|
},
|
|
{
|
|
"name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html"
|
|
},
|
|
{
|
|
"name" : "VU#307015",
|
|
"refsource" : "CERT-VN",
|
|
"url" : "https://www.kb.cert.org/vuls/id/307015"
|
|
},
|
|
{
|
|
"name" : "101484",
|
|
"refsource" : "BID",
|
|
"url" : "http://www.securityfocus.com/bid/101484"
|
|
}
|
|
]
|
|
}
|
|
}
|