Search
Find a vulnerability
Search criteria
15 vulnerabilities by infineon
VAR-201708-1418
Vulnerability from variot - Updated: 2025-05-07 23:18An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, and Nissan 2011-2015 Leaf. A vulnerability in the temporary mobile subscriber identity (TMSI) may allow an attacker to access and control memory. This may allow remote code execution on the baseband radio processor of the TCU. BMW , Ford , Infiniti ,and Nissan On multiple models of Continental AG Infineon S-Gold 2 (PMB 8876) The chipset contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The TCU is a 2G modem commonly used in modern cars produced by Continental AG to transmit data between cars and remote management tools such as web panels and mobile applications. Continental AG Infineon S-Gold 2 (PMB 8876) is prone to a remote code-execution vulnerability and a stack-based buffer-overflow vulnerability; fixes are available. An attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1418",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "s-gold 2 pmb 8876",
"scope": "eq",
"trust": 1.6,
"vendor": "infineon",
"version": null
},
{
"model": "s-gold 2",
"scope": null,
"trust": 0.8,
"vendor": "infineon",
"version": null
},
{
"model": "leaf",
"scope": "eq",
"trust": 0.6,
"vendor": "nissan",
"version": "2011-2015"
},
{
"model": "jx3",
"scope": "eq",
"trust": 0.6,
"vendor": "infiniti",
"version": "2013"
},
{
"model": "qx60",
"scope": "eq",
"trust": 0.6,
"vendor": "infiniti",
"version": "2014-2016"
},
{
"model": "qx60 hybrid",
"scope": "eq",
"trust": 0.6,
"vendor": "infiniti",
"version": "2014-2016"
},
{
"model": "qx50",
"scope": "eq",
"trust": 0.6,
"vendor": "infiniti",
"version": "2014-2015"
},
{
"model": "qx50 hybrid",
"scope": "eq",
"trust": 0.6,
"vendor": "infiniti",
"version": "2014-2015"
},
{
"model": "m37/m56",
"scope": "eq",
"trust": 0.6,
"vendor": "infiniti",
"version": "2013"
},
{
"model": "q70",
"scope": "eq",
"trust": 0.6,
"vendor": "infiniti",
"version": "2014-2016"
},
{
"model": "q70l",
"scope": "eq",
"trust": 0.6,
"vendor": "infiniti",
"version": "2014-2016"
},
{
"model": "q70 hybrid",
"scope": "eq",
"trust": 0.6,
"vendor": "infiniti",
"version": "2015-2016"
},
{
"model": "qx56",
"scope": "eq",
"trust": 0.6,
"vendor": "infiniti",
"version": "2013"
},
{
"model": "qx",
"scope": "eq",
"trust": 0.6,
"vendor": "infiniti",
"version": "2014-201680"
},
{
"model": "produced between",
"scope": "eq",
"trust": 0.6,
"vendor": "bmw",
"version": "2009-2010"
},
{
"model": "p-hev",
"scope": null,
"trust": 0.6,
"vendor": "ford",
"version": null
},
{
"model": "ag nissan leaf",
"scope": "eq",
"trust": 0.3,
"vendor": "continental",
"version": "2011-20150"
},
{
"model": "ag infiniti q70 hybrid",
"scope": "eq",
"trust": 0.3,
"vendor": "continental",
"version": "2015-20160"
},
{
"model": "ag infiniti qx60 hybrid",
"scope": "eq",
"trust": 0.3,
"vendor": "continental",
"version": "2014-20160"
},
{
"model": "ag infiniti qx60",
"scope": "eq",
"trust": 0.3,
"vendor": "continental",
"version": "2014-20160"
},
{
"model": "ag infiniti qx",
"scope": "eq",
"trust": 0.3,
"vendor": "continental",
"version": "2014-2016800"
},
{
"model": "ag infiniti q70l",
"scope": "eq",
"trust": 0.3,
"vendor": "continental",
"version": "2014-20160"
},
{
"model": "ag infiniti q70",
"scope": "eq",
"trust": 0.3,
"vendor": "continental",
"version": "2014-20160"
},
{
"model": "ag infiniti qx50 hybrid",
"scope": "eq",
"trust": 0.3,
"vendor": "continental",
"version": "2014-20150"
},
{
"model": "ag infiniti qx50",
"scope": "eq",
"trust": 0.3,
"vendor": "continental",
"version": "2014-20150"
},
{
"model": "ag infiniti qx56",
"scope": "eq",
"trust": 0.3,
"vendor": "continental",
"version": "20130"
},
{
"model": "ag infiniti m37/m56",
"scope": "eq",
"trust": 0.3,
"vendor": "continental",
"version": "20130"
},
{
"model": "ag infiniti jx35",
"scope": "eq",
"trust": 0.3,
"vendor": "continental",
"version": "20130"
},
{
"model": "ag infineon s-gold (pmb",
"scope": "eq",
"trust": 0.3,
"vendor": "continental",
"version": "28876)0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "s gold 2 pmb 8876",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "e123af2d-e7c8-4ada-9bd8-bf07c0f405d8"
},
{
"db": "CNVD",
"id": "CNVD-2017-18627"
},
{
"db": "BID",
"id": "100132"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007277"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-875"
},
{
"db": "NVD",
"id": "CVE-2017-9633"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:infineon:s-gold_2_pmb_8876",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007277"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mickey Shkatov, Jesse Michael, and Oleksandr Bazhaniuk",
"sources": [
{
"db": "BID",
"id": "100132"
}
],
"trust": 0.3
},
"cve": "CVE-2017-9633",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CVE-2017-9633",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-18627",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "e123af2d-e7c8-4ada-9bd8-bf07c0f405d8",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-9633",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2017-9633",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9633",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2017-9633",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-9633",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-18627",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-875",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e123af2d-e7c8-4ada-9bd8-bf07c0f405d8",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e123af2d-e7c8-4ada-9bd8-bf07c0f405d8"
},
{
"db": "CNVD",
"id": "CNVD-2017-18627"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007277"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-875"
},
{
"db": "NVD",
"id": "CVE-2017-9633"
},
{
"db": "NVD",
"id": "CVE-2017-9633"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, and Nissan 2011-2015 Leaf. A vulnerability in the temporary mobile subscriber identity (TMSI) may allow an attacker to access and control memory. This may allow remote code execution on the baseband radio processor of the TCU. BMW , Ford , Infiniti ,and Nissan On multiple models of Continental AG Infineon S-Gold 2 (PMB 8876) The chipset contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The TCU is a 2G modem commonly used in modern cars produced by Continental AG to transmit data between cars and remote management tools such as web panels and mobile applications. Continental AG Infineon S-Gold 2 (PMB 8876) is prone to a remote code-execution vulnerability and a stack-based buffer-overflow vulnerability; fixes are available. \nAn attacker can exploit these issues to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9633"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007277"
},
{
"db": "CNVD",
"id": "CNVD-2017-18627"
},
{
"db": "BID",
"id": "100132"
},
{
"db": "IVD",
"id": "e123af2d-e7c8-4ada-9bd8-bf07c0f405d8"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9633",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-208-01",
"trust": 3.3
},
{
"db": "BID",
"id": "100132",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2017-18627",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-875",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007277",
"trust": 0.8
},
{
"db": "IVD",
"id": "E123AF2D-E7C8-4ADA-9BD8-BF07C0F405D8",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e123af2d-e7c8-4ada-9bd8-bf07c0f405d8"
},
{
"db": "CNVD",
"id": "CNVD-2017-18627"
},
{
"db": "BID",
"id": "100132"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007277"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-875"
},
{
"db": "NVD",
"id": "CVE-2017-9633"
}
]
},
"id": "VAR-201708-1418",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e123af2d-e7c8-4ada-9bd8-bf07c0f405d8"
},
{
"db": "CNVD",
"id": "CNVD-2017-18627"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "e123af2d-e7c8-4ada-9bd8-bf07c0f405d8"
},
{
"db": "CNVD",
"id": "CNVD-2017-18627"
}
]
},
"last_update_date": "2025-05-07T23:18:08.668000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "https://www.infineon.com/cms/jp/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007277"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007277"
},
{
"db": "NVD",
"id": "CVE-2017-9633"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-208-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/100132"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9633"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9633"
},
{
"trust": 0.6,
"url": "http://securityaffairs.co/wordpress/61587/hacking/tcus-car-hacking.html"
},
{
"trust": 0.6,
"url": "https://media.defcon.org/def%20con%2025/def%20con%2025%20presentations/defcon-25-jesse-michael-and-mickey-shkatov-driving-down-the-rabbit-hole.pdf"
},
{
"trust": 0.3,
"url": "https://www.continental-corporation.com/en"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-18627"
},
{
"db": "BID",
"id": "100132"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007277"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-875"
},
{
"db": "NVD",
"id": "CVE-2017-9633"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e123af2d-e7c8-4ada-9bd8-bf07c0f405d8"
},
{
"db": "CNVD",
"id": "CNVD-2017-18627"
},
{
"db": "BID",
"id": "100132"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007277"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-875"
},
{
"db": "NVD",
"id": "CVE-2017-9633"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-03T00:00:00",
"db": "IVD",
"id": "e123af2d-e7c8-4ada-9bd8-bf07c0f405d8"
},
{
"date": "2017-08-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-18627"
},
{
"date": "2017-08-04T00:00:00",
"db": "BID",
"id": "100132"
},
{
"date": "2017-09-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007277"
},
{
"date": "2017-06-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-875"
},
{
"date": "2017-08-07T08:29:00.447000",
"db": "NVD",
"id": "CVE-2017-9633"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-18627"
},
{
"date": "2017-08-04T00:00:00",
"db": "BID",
"id": "100132"
},
{
"date": "2017-09-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007277"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-875"
},
{
"date": "2025-05-06T15:15:52.377000",
"db": "NVD",
"id": "CVE-2017-9633"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-875"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Continental TCU Remote code execution vulnerability",
"sources": [
{
"db": "IVD",
"id": "e123af2d-e7c8-4ada-9bd8-bf07c0f405d8"
},
{
"db": "CNVD",
"id": "CNVD-2017-18627"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "e123af2d-e7c8-4ada-9bd8-bf07c0f405d8"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-875"
}
],
"trust": 0.8
}
}
VAR-201710-0668
Vulnerability from variot - Updated: 2025-04-20 23:37The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS. This vulnerability is often cited as "ROCA" in the media. Infineon Made RSA The library contains RSA There is a problem that does not generate the key pair properly. As a result, generated using this library RSA The private key corresponding to the public key may be obtained. Cryptographic issues (CWE-310) - CVE-2017-15361 Infineon Made RSA The library contains RSA There is a problem that does not generate the key pair properly. Using the library RSA When generating a key pair, a more efficient search method than the exhaustive key search can be applied. at least 2048 There is a possibility of obtaining a secret key with a key length of less than or equal to bits. This attack was generated by the library RSA It can be applied simply by obtaining a public key. In addition, this case RSA Problem with key generation ECC ( Elliptic curve cryptography ) Is not affected. Also generated by other devices and libraries RSA key Can also be used safely with this library. The library is Trusted Platform Modules (TPM) Or a smart card. Information on affected vendors is available on the developer's site. For details, refer to the information published by the discoverer. Developer site https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160 Information published by the discoverer https://crocs.fi.muni.cz/public/papers/rsa_ccs17Using the library RSA If a key is generated, there is a possibility that a private key may be obtained by a remote third party. An attacker could exploit this vulnerability to compromise the encryption protection mechanism. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03789en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbhf03789en_us Version: 2
HPESBHF03789 rev.2 - Certain HPE Gen9 Systems with HP Trusted Platform Module v2.0 Option, Unauthorized Access to Data
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2017-10-18 Last Updated: 2017-10-17
Potential Security Impact: Local: Unauthorized Access to Data; Remote: Unauthorized Access to Data
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified in the "HP Trusted Platform Module 2.0 Option" kit. This optional kit is available for HPE Gen9 systems with firmware version 5.51. The vulnerability in TPM firmware 5.51 is that new mathematical methods exist such that RSA keys generated by the TPM 2.0 with firmware 5.51 are cryptographically weakened. This vulnerability could lead to local and remote unauthorized access to data.
References:
- PSRT110605
- PSRT110598
- CVE-2017-15361
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. This is the Gen9 TPM 2.0 option (only Gen9 servers could have this option). The TPM 2.0 Option for Gen9 servers is not standard on Gen9 servers - - it is an option. - HP ProLiant BL460c Gen9 Server Blade n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant BL660c Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant DL120 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant DL160 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant DL360 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant DL380 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant DL388 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant DL580 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant DL60 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant DL80 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant ML110 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant ML150 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE Apollo 4200 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant DL180 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant DL180 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant DL20 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant DL560 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant ML10 Gen9 E3-1225 v5 3.3GHz 4-core 8GB-R 1TB Non-hot Plug 4LFF SATA 300W AP Svr/Promo n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant ML10 Gen9 E3-1225 v5 4GB-R 1TB Non-hot Plug 4LFF SATA 300W Svr/S-Buy n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 1TB Non-hot Plug 4LFF SATA 300W Perf Svr n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 2TB Non-hot Plug 4LFF SATA 300W Svr/GO n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 2TB Non-hot Plug 4LFF SATA 300W Svr/TV n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant ML10 Gen9 G4400 4GB-R Non-hot Plug 4LFF SATA 300W Entry Svr n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant ML30 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant ML350 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant ML350 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL170r Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL190r Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL230a Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL230a Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL250a Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL250a Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL260a Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL450 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL730f Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL730f Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL740f Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL740f Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL750f Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL750f Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed.
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2017-15361
7.4 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has provided both an updated system ROM, and updated TPM firmware to correct this issue for impacted systems. Update the system ROM and "HPE Trusted Platform Module 2.0 Option" to firmware version 5.62 or subsequent.
The latest version of the System ROM is available, and must be updated before updating the TPM firmware. Use these instructions:
1.Click the following link:
2.Enter a product name (e.g., "DL380 Gen9") in the text field under Enter a
Product Name or Number.
3.Click Go.
4.Select the appropriate product model from the Results list (if prompted).
5.Click the "drivers, software & firmware" hyperlink under the Download
Options tab.
6.Select the system's specific operating system from the Operating Systems
dropdown menu.
7.Click the category BIOS - System ROM.
8.Select the latest release of HPE System ROM Version 2.50 (or later).
9.Click Download.
The latest version of the TPM firmware is available. Use these instructions:
1.Click the following link:
2.Enter a product name (e.g., "DL380 Gen9") in the text field under Enter a
Product Name or Number.
3.Click Go.
4.Select the appropriate product model from the Results list (if prompted).
5.Click the "drivers, software & firmware" hyperlink under the Download
Options tab.
6.Select the system's specific operating system from the Operating Systems
dropdown menu.
7.Click the category Firmware.
8.Select the latest release of the HPE Trusted Platform Module 2.0 Option
firmware update for HPE Gen9 Severs Version 5.62 (or later).
9.Click Download.
Note:
-
After the firmware upgrade, the TPM will generate RSA keys using an improved algorithm. Revoking the weak TPM generated RSA keys will still be required. Refer to the OS documentation for OS-specific instructions. In addition, a System ROM update to version 2.50 (or later) is required before updating the TPM 2.0 firmware.
-
Please refer to the HPE Customer Bulletin as well:
-
HPE ProLiant Gen9 Servers - Potential Vulnerability in the HPE Trusted Platform Module 2.0 Option Firmware Version 5.51 for HPE ProLiant Gen9 Servers http://h20565.www2.hpe.com/hpsc/doc/public/display?docId=a00028289en_us
HISTORY
Version:1 (rev.1) - 16 October 2017 Initial release
Version:2 (rev.2) - 17 October 2017 Added CVE reference
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEcBAEBCAAGBQJZ5k72AAoJELXhAxt7SZaiU4EIAKJK3i30Qui8Fqm7/Kr5R/oB UgW8kg/4EkbEpJ7ewQwjE2gaIMUmo6q2we+mpLU3/4T8+ZcZgxw7hDZqOrOn7V08 rzchXK1oLqdW9vu0BlWrUK6TTWHghW38nwqLHhmxuRavrVR4kYB+ctfFUS3vaSVd eQWBn6coSrkeToazgtvlPilChl1ygH4NITmLBXPnSbcp8U1yLhF+j0eUKLcZnR8l OMi65CVCNWCcSL3NV6x4NXvREmehKXGqgokGUe6rBWucU+A21W66GhsnhC5ysa4j SR8Ungf0W1QihfW3+Jijiu5hC7mrcZrGi+AZAvJDb4S5zvfM+hVUZNuEGa6nzVM= =KoaT -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-0668",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "trusted platform",
"scope": "eq",
"trust": 1.6,
"vendor": "infineon",
"version": "133.32"
},
{
"model": "trusted platform",
"scope": "eq",
"trust": 1.6,
"vendor": "infineon",
"version": "6.40"
},
{
"model": "trusted platform",
"scope": "eq",
"trust": 1.6,
"vendor": "infineon",
"version": "4.31"
},
{
"model": "trusted platform",
"scope": "eq",
"trust": 1.6,
"vendor": "infineon",
"version": "4.32"
},
{
"model": "rsa library",
"scope": "eq",
"trust": 1.2,
"vendor": "infineon",
"version": "1.02.013"
},
{
"model": "rsa library",
"scope": "lte",
"trust": 1.0,
"vendor": "infineon",
"version": "1.02.013"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "atos se",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dell",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gemalto av",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "infineon",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "rubrik",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "taglio",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "winmagic",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "yubico",
"version": null
},
{
"model": "rsa library",
"scope": "eq",
"trust": 0.8,
"vendor": "infineon",
"version": "version 1.02.013"
},
{
"model": "yubikey 4c",
"scope": "eq",
"trust": 0.3,
"vendor": "yubico",
"version": "4.3.4"
},
{
"model": "yubikey 4c",
"scope": "eq",
"trust": 0.3,
"vendor": "yubico",
"version": "4.2.6"
},
{
"model": "yubikey nano",
"scope": "eq",
"trust": 0.3,
"vendor": "yubico",
"version": "44.3.4"
},
{
"model": "yubikey nano",
"scope": "eq",
"trust": 0.3,
"vendor": "yubico",
"version": "44.2.6"
},
{
"model": "yubikey",
"scope": "eq",
"trust": 0.3,
"vendor": "yubico",
"version": "44.3.4"
},
{
"model": "yubikey",
"scope": "eq",
"trust": 0.3,
"vendor": "yubico",
"version": "44.2.6"
},
{
"model": "thinkpad yoga s1",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "2600"
},
{
"model": "thinkpad yoga s3",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "144600"
},
{
"model": "thinkpad yoga 11e",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x2600"
},
{
"model": "thinkpad tablet",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x10"
},
{
"model": "thinkpad carbon",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x10"
},
{
"model": "thinkpad t560",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t470p",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t460s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad p70",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad p51",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad p50s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad p50",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad l570",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad l560",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad l470",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad l460",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e565",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e560",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e465",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e460",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad 11e",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "rsa library",
"scope": "eq",
"trust": 0.3,
"vendor": "infineon",
"version": "1.2.13"
},
{
"model": "trusted platform module option kit",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"model": "slb (tpm",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "96702.0)0"
},
{
"model": "slb (tpm",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "96701.2)0"
},
{
"model": "slb (tpm",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "96652.0)0"
},
{
"model": "slb (tpm",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "96601.2)0"
},
{
"model": "mobile workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "mobile thin client and tablet",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "commercial notebook pc",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "chrome os m63",
"scope": null,
"trust": 0.3,
"vendor": "google",
"version": null
},
{
"model": "chrome os m62",
"scope": null,
"trust": 0.3,
"vendor": "google",
"version": null
},
{
"model": "chrome os m61",
"scope": null,
"trust": 0.3,
"vendor": "google",
"version": null
},
{
"model": "idprime.net",
"scope": "eq",
"trust": 0.3,
"vendor": "gemalto",
"version": "0"
},
{
"model": "tpm 2.0 fw7.61",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "tpm 2.0 fw7.00",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "tpm 2.0 fw5.61",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "tpm 2.0 fw5.00",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "tpm 1.2 fw6.42",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "tpm 1.2 fw6.00",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "tpm 1.2 fw4.42",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "tpm 1.2 fw4.40",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "tpm 1.2 fw4.33",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "tpm 1.2 fw4.00",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "tpm 1.2 fw149.32",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "tpm 1.2 fw133.32",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "chrome os m80",
"scope": "ne",
"trust": 0.3,
"vendor": "google",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "trusted platform",
"version": "4.31"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "trusted platform",
"version": "4.32"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "trusted platform",
"version": "6.40"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "trusted platform",
"version": "133.32"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "rsa library",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "0e0df457-aab1-4879-a7c8-5371086a00d5"
},
{
"db": "CERT/CC",
"id": "VU#307015"
},
{
"db": "CNVD",
"id": "CNVD-2017-33657"
},
{
"db": "BID",
"id": "101484"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008423"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-558"
},
{
"db": "NVD",
"id": "CVE-2017-15361"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:infineon:rsa_library",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008423"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Matus Nemec, Marek Sys, Petr Svenda, Dusan Klinec, and Vashek Matyas.",
"sources": [
{
"db": "BID",
"id": "101484"
}
],
"trust": 0.3
},
"cve": "CVE-2017-15361",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-15361",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 8.8,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 6.9,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 8.6,
"id": "CVE-2017-15361",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "OFFICIAL FIX",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "NOT DEFINED",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:N/AC:M/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 8.8,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2017-008423",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-33657",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "0e0df457-aab1-4879-a7c8-5371086a00d5",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-106176",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2017-15361",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 7.4,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-008423",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-15361",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-15361",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2017-008423",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-33657",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201710-558",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "0e0df457-aab1-4879-a7c8-5371086a00d5",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-106176",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-15361",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "0e0df457-aab1-4879-a7c8-5371086a00d5"
},
{
"db": "CERT/CC",
"id": "VU#307015"
},
{
"db": "CNVD",
"id": "CNVD-2017-33657"
},
{
"db": "VULHUB",
"id": "VHN-106176"
},
{
"db": "VULMON",
"id": "CVE-2017-15361"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008423"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-558"
},
{
"db": "NVD",
"id": "CVE-2017-15361"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS. This vulnerability is often cited as \"ROCA\" in the media. Infineon Made RSA The library contains RSA There is a problem that does not generate the key pair properly. As a result, generated using this library RSA The private key corresponding to the public key may be obtained. Cryptographic issues (CWE-310) - CVE-2017-15361 Infineon Made RSA The library contains RSA There is a problem that does not generate the key pair properly. Using the library RSA When generating a key pair, a more efficient search method than the exhaustive key search can be applied. at least 2048 There is a possibility of obtaining a secret key with a key length of less than or equal to bits. This attack was generated by the library RSA It can be applied simply by obtaining a public key. In addition, this case RSA Problem with key generation ECC ( Elliptic curve cryptography ) Is not affected. Also generated by other devices and libraries RSA key Can also be used safely with this library. The library is Trusted Platform Modules (TPM) Or a smart card. Information on affected vendors is available on the developer\u0027s site. For details, refer to the information published by the discoverer. Developer site https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160 Information published by the discoverer https://crocs.fi.muni.cz/public/papers/rsa_ccs17Using the library RSA If a key is generated, there is a possibility that a private key may be obtained by a remote third party. An attacker could exploit this vulnerability to compromise the encryption protection mechanism. \nAttackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03789en_us\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: hpesbhf03789en_us\nVersion: 2\n\nHPESBHF03789 rev.2 - Certain HPE Gen9 Systems with HP Trusted Platform Module\nv2.0 Option, Unauthorized Access to Data\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-10-18\nLast Updated: 2017-10-17\n\nPotential Security Impact: Local: Unauthorized Access to Data; Remote:\nUnauthorized Access to Data\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified in the \"HP Trusted\nPlatform Module 2.0 Option\" kit. This optional kit is available for HPE Gen9\nsystems with firmware version 5.51. The vulnerability in TPM firmware 5.51 is\nthat new mathematical methods exist such that RSA keys generated by the TPM\n2.0 with firmware 5.51 are cryptographically weakened. This vulnerability\ncould lead to local and remote unauthorized access to data. \n\nReferences:\n\n - PSRT110605\n - PSRT110598\n - CVE-2017-15361\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. This is the Gen9 TPM 2.0 option (only Gen9 servers could have this\noption). The TPM 2.0 Option for Gen9 servers is not standard on Gen9 servers\n- - it is an option. \n - HP ProLiant BL460c Gen9 Server Blade n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HP ProLiant BL660c Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HP ProLiant DL120 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HP ProLiant DL160 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HP ProLiant DL360 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HP ProLiant DL380 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HP ProLiant DL388 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HP ProLiant DL580 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HP ProLiant DL60 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HP ProLiant DL80 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HP ProLiant ML110 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HP ProLiant ML150 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE Apollo 4200 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant DL180 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant DL180 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant DL20 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant DL560 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant ML10 Gen9 E3-1225 v5 3.3GHz 4-core 8GB-R 1TB Non-hot Plug\n4LFF SATA 300W AP Svr/Promo n/a - only if \"HPE Trusted Platform Module 2.0\nKit\" w/ FW version 5.51 is installed. \n - HPE ProLiant ML10 Gen9 E3-1225 v5 4GB-R 1TB Non-hot Plug 4LFF SATA 300W\nSvr/S-Buy n/a - only if \"HPE Trusted Platform Module 2.0 Kit\" w/ FW version\n5.51 is installed. \n - HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 1TB Non-hot Plug 4LFF SATA 300W\nPerf Svr n/a - only if \"HPE Trusted Platform Module 2.0 Kit\" w/ FW version\n5.51 is installed. \n - HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 2TB Non-hot Plug 4LFF SATA 300W\nSvr/GO n/a - only if \"HPE Trusted Platform Module 2.0 Kit\" w/ FW version 5.51\nis installed. \n - HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 2TB Non-hot Plug 4LFF SATA 300W\nSvr/TV n/a - only if \"HPE Trusted Platform Module 2.0 Kit\" w/ FW version 5.51\nis installed. \n - HPE ProLiant ML10 Gen9 G4400 4GB-R Non-hot Plug 4LFF SATA 300W Entry Svr\nn/a - only if \"HPE Trusted Platform Module 2.0 Kit\" w/ FW version 5.51 is\ninstalled. \n - HPE ProLiant ML30 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant ML350 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant ML350 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL170r Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL190r Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL230a Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL230a Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL250a Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL250a Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL260a Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL450 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL730f Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL730f Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL740f Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL740f Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL750f Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL750f Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2017-15361\n 7.4 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\n 6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has provided both an updated system ROM, and updated TPM firmware to\ncorrect this issue for impacted systems. Update the system ROM and \"HPE\nTrusted Platform Module 2.0 Option\" to firmware version 5.62 or subsequent. \n\nThe latest version of the System ROM is available, and must be updated before\nupdating the TPM firmware. Use these instructions:\n\n1.Click the following link: \n\n * \u003chttp://www.hpe.com/support/hpesc\u003e\n\n2.Enter a product name (e.g., \"DL380 Gen9\") in the text field under Enter a\nProduct Name or Number. \n3.Click Go. \n4.Select the appropriate product model from the Results list (if prompted). \n5.Click the \"drivers, software \u0026 firmware\" hyperlink under the Download\nOptions tab. \n6.Select the system\u0027s specific operating system from the Operating Systems\ndropdown menu. \n7.Click the category BIOS - System ROM. \n8.Select the latest release of HPE System ROM Version 2.50 (or later). \n9.Click Download. \n\n\nThe latest version of the TPM firmware is available. Use these instructions:\n\n 1.Click the following link:\n\n * \u003chttp://www.hpe.com/support/hpesc\u003e\n\n 2.Enter a product name (e.g., \"DL380 Gen9\") in the text field under Enter a\nProduct Name or Number. \n 3.Click Go. \n 4.Select the appropriate product model from the Results list (if prompted). \n\n 5.Click the \"drivers, software \u0026 firmware\" hyperlink under the Download\nOptions tab. \n 6.Select the system\u0027s specific operating system from the Operating Systems\ndropdown menu. \n 7.Click the category Firmware. \n 8.Select the latest release of the HPE Trusted Platform Module 2.0 Option\nfirmware update for HPE Gen9 Severs Version 5.62 (or later). \n 9.Click Download. \n\n**Note:** \n\n * After the firmware upgrade, the TPM will generate RSA keys using an\nimproved algorithm. Revoking the weak TPM generated RSA keys will still be\nrequired. Refer to the OS documentation for OS-specific instructions. In\naddition, a System ROM update to version 2.50 (or later) is required before\nupdating the TPM 2.0 firmware. \n \n * Please refer to the HPE *Customer Bulletin* as well:\n \n - **HPE ProLiant Gen9 Servers** - Potential Vulnerability in the HPE\nTrusted Platform Module 2.0 Option Firmware Version 5.51 for HPE ProLiant\nGen9 Servers\n\u003chttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=a00028289en_us\u003e\n\nHISTORY\n\nVersion:1 (rev.1) - 16 October 2017 Initial release\n\nVersion:2 (rev.2) - 17 October 2017 Added CVE reference\n\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQEcBAEBCAAGBQJZ5k72AAoJELXhAxt7SZaiU4EIAKJK3i30Qui8Fqm7/Kr5R/oB\nUgW8kg/4EkbEpJ7ewQwjE2gaIMUmo6q2we+mpLU3/4T8+ZcZgxw7hDZqOrOn7V08\nrzchXK1oLqdW9vu0BlWrUK6TTWHghW38nwqLHhmxuRavrVR4kYB+ctfFUS3vaSVd\neQWBn6coSrkeToazgtvlPilChl1ygH4NITmLBXPnSbcp8U1yLhF+j0eUKLcZnR8l\nOMi65CVCNWCcSL3NV6x4NXvREmehKXGqgokGUe6rBWucU+A21W66GhsnhC5ysa4j\nSR8Ungf0W1QihfW3+Jijiu5hC7mrcZrGi+AZAvJDb4S5zvfM+hVUZNuEGa6nzVM=\n=KoaT\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-15361"
},
{
"db": "CERT/CC",
"id": "VU#307015"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008423"
},
{
"db": "CNVD",
"id": "CNVD-2017-33657"
},
{
"db": "BID",
"id": "101484"
},
{
"db": "IVD",
"id": "0e0df457-aab1-4879-a7c8-5371086a00d5"
},
{
"db": "VULHUB",
"id": "VHN-106176"
},
{
"db": "VULMON",
"id": "CVE-2017-15361"
},
{
"db": "PACKETSTORM",
"id": "144646"
}
],
"trust": 3.6
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.kb.cert.org/vuls/id/307015",
"trust": 0.8,
"type": "poc"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#307015"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-15361",
"trust": 3.8
},
{
"db": "CERT/CC",
"id": "VU#307015",
"trust": 3.7
},
{
"db": "BID",
"id": "101484",
"trust": 2.7
},
{
"db": "LENOVO",
"id": "LEN-15552",
"trust": 2.1
},
{
"db": "SIEMENS",
"id": "SSA-470231",
"trust": 1.8
},
{
"db": "ICS CERT",
"id": "ICSA-18-058-01",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-201710-558",
"trust": 0.9
},
{
"db": "ICS CERT",
"id": "ICSA-18-058-01A",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-33657",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU95530052",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008423",
"trust": 0.8
},
{
"db": "IVD",
"id": "0E0DF457-AAB1-4879-A7C8-5371086A00D5",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "144646",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-99005",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-106176",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-15361",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "0e0df457-aab1-4879-a7c8-5371086a00d5"
},
{
"db": "CERT/CC",
"id": "VU#307015"
},
{
"db": "CNVD",
"id": "CNVD-2017-33657"
},
{
"db": "VULHUB",
"id": "VHN-106176"
},
{
"db": "VULMON",
"id": "CVE-2017-15361"
},
{
"db": "BID",
"id": "101484"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008423"
},
{
"db": "PACKETSTORM",
"id": "144646"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-558"
},
{
"db": "NVD",
"id": "CVE-2017-15361"
}
]
},
"id": "VAR-201710-0668",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "0e0df457-aab1-4879-a7c8-5371086a00d5"
},
{
"db": "CNVD",
"id": "CNVD-2017-33657"
},
{
"db": "VULHUB",
"id": "VHN-106176"
}
],
"trust": 1.4398148266666668
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "0e0df457-aab1-4879-a7c8-5371086a00d5"
},
{
"db": "CNVD",
"id": "CNVD-2017-33657"
}
]
},
"last_update_date": "2025-04-20T23:37:47.985000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Information on TPM firmware update for Microsoft Windows systems as announced on Microsoft`s patchday on October 10th 2017",
"trust": 0.8,
"url": "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160"
},
{
"title": "Security Alert 20171012",
"trust": 0.8,
"url": "http://www.fujitsu.com/jp/products/software/resources/condition/security/vulnerabilities/2017/securityalert20171012.html"
},
{
"title": "Infineon RSA Library Encryption Security Bypass Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/105950"
},
{
"title": "Infineon Trusted Platform Module Infineon RSA Repair measures for library security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75565"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2017/10/23/roca_crypto_flaw_gemalto/"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2017/10/16/roca_crypto_vuln_infineon_chips/"
},
{
"title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBPI03583 rev. 1 - ROCA - Vulnerable RSA Generation: HP Trusted Platform Module (TPM) Accessory and Certain HP Enterprise Printer and MFP Products, Certain HP PageWide Printer and MFP Products with Standard TPM",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=d442339efd5a6d4834ac93a8dc07c35d"
},
{
"title": "HP: HPSBHF03568 rev. 11 - Infineon TPM Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=HPSBHF03568"
},
{
"title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBHF03568 rev. 11 - Infineon TPM Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=ca9eba9c5c56724cf0dd05e2bbff5dc4"
},
{
"title": "HP: HPSBPI03583 rev. 1 - ROCA - Vulnerable RSA Generation: HP Trusted Platform Module (TPM) Accessory and Certain HP Enterprise Printer and MFP Products, Certain HP PageWide Printer and MFP Products with Standard TPM",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=HPSBPI03583"
},
{
"title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBHF03568 rev. 11 - Infineon TPM Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=03aca358debd7682b3b457bbf62087d3"
},
{
"title": "Infineon-CVE-2017-15361",
"trust": 0.1,
"url": "https://github.com/lva/Infineon-CVE-2017-15361 "
},
{
"title": "RocaCmTest",
"trust": 0.1,
"url": "https://github.com/jnpuskar/RocaCmTest "
},
{
"title": "zeek-plugin-roca",
"trust": 0.1,
"url": "https://github.com/0xxon/bro-plugin-roca "
},
{
"title": "Detect-CVE-2017-15361-TPM",
"trust": 0.1,
"url": "https://github.com/nsacyber/Detect-CVE-2017-15361-TPM "
},
{
"title": "cedarkey",
"trust": 0.1,
"url": "https://github.com/nuclearcat/cedarkey "
},
{
"title": "roca",
"trust": 0.1,
"url": "https://github.com/brunoproduit/roca "
},
{
"title": "zeek-plugin-roca",
"trust": 0.1,
"url": "https://github.com/0xxon/zeek-plugin-roca "
},
{
"title": "tpm-firmware",
"trust": 0.1,
"url": "https://github.com/fishilico/tpm-firmware "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/google/paranoid_crypto "
},
{
"title": "Exp101tsArchiv30thers",
"trust": 0.1,
"url": "https://github.com/nu11secur1ty/Exp101tsArchiv30thers "
},
{
"title": "awesome-cve-poc_qazbnm456",
"trust": 0.1,
"url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/microsoft-warns-of-windows-hello-for-business-orphaned-key-risks/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/factorization-flaw-in-tpm-chips-makes-attacks-on-rsa-private-keys-feasible/128474/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33657"
},
{
"db": "VULMON",
"id": "CVE-2017-15361"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008423"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-558"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-310",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-106176"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008423"
},
{
"db": "NVD",
"id": "CVE-2017-15361"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://crocs.fi.muni.cz/public/papers/rsa_ccs17"
},
{
"trust": 3.4,
"url": "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirid=59160"
},
{
"trust": 3.0,
"url": "https://www.kb.cert.org/vuls/id/307015"
},
{
"trust": 2.9,
"url": "http://support.lenovo.com/us/en/product_security/len-15552"
},
{
"trust": 2.9,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv170012"
},
{
"trust": 2.6,
"url": "https://github.com/crocs-muni/roca"
},
{
"trust": 2.6,
"url": "https://blog.cr.yp.to/20171105-infineon.html"
},
{
"trust": 2.6,
"url": "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/101484"
},
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20171024-0001/"
},
{
"trust": 1.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html"
},
{
"trust": 1.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html"
},
{
"trust": 1.8,
"url": "https://www.yubico.com/support/security-advisories/ysa-2017-01/"
},
{
"trust": 1.8,
"url": "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/"
},
{
"trust": 1.8,
"url": "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/"
},
{
"trust": 1.8,
"url": "https://github.com/iadgov/detect-cve-2017-15361-tpm"
},
{
"trust": 1.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-058-01"
},
{
"trust": 1.8,
"url": "https://keychest.net/roca"
},
{
"trust": 1.8,
"url": "https://monitor.certipath.com/rsatest"
},
{
"trust": 1.7,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03801en_us"
},
{
"trust": 1.7,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03789en_us"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15361"
},
{
"trust": 0.9,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03789en_us"
},
{
"trust": 0.8,
"url": "https://crocs.fi.muni.cz/_media/public/papers/nemec_roca_ccs17_preprint.pdf"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/310.html"
},
{
"trust": 0.8,
"url": "http://www.dell.com/support/article/us/en/19/sln307820/"
},
{
"trust": 0.8,
"url": "http://www.fujitsu.com/global/support/products/software/security/products-f/ifsa-201701e.html"
},
{
"trust": 0.8,
"url": "https://safenet.gemalto.com/technical-support/security-updates/"
},
{
"trust": 0.8,
"url": "https://support.rubrik.com/articles/how_to/000001116"
},
{
"trust": 0.8,
"url": "https://www.yubico.com/keycheck/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15361"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-18-058-01a"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95530052/"
},
{
"trust": 0.3,
"url": "https://www.infineon.com/"
},
{
"trust": 0.3,
"url": "https://support.hp.com/us-en/document/c05792935"
},
{
"trust": 0.1,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03789en_us"
},
{
"trust": 0.1,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03801en_us"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://github.com/lva/infineon-cve-2017-15361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-058-01a"
},
{
"trust": 0.1,
"url": "http://h20565.www2.hpe.com/hpsc/doc/public/display?docid=a00028289en_us\u003e"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.1,
"url": "https://www.hpe.com/info/report-security-vulnerability"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/hpesc\u003e"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#307015"
},
{
"db": "CNVD",
"id": "CNVD-2017-33657"
},
{
"db": "VULHUB",
"id": "VHN-106176"
},
{
"db": "VULMON",
"id": "CVE-2017-15361"
},
{
"db": "BID",
"id": "101484"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008423"
},
{
"db": "PACKETSTORM",
"id": "144646"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-558"
},
{
"db": "NVD",
"id": "CVE-2017-15361"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "0e0df457-aab1-4879-a7c8-5371086a00d5"
},
{
"db": "CERT/CC",
"id": "VU#307015"
},
{
"db": "CNVD",
"id": "CNVD-2017-33657"
},
{
"db": "VULHUB",
"id": "VHN-106176"
},
{
"db": "VULMON",
"id": "CVE-2017-15361"
},
{
"db": "BID",
"id": "101484"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008423"
},
{
"db": "PACKETSTORM",
"id": "144646"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-558"
},
{
"db": "NVD",
"id": "CVE-2017-15361"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-13T00:00:00",
"db": "IVD",
"id": "0e0df457-aab1-4879-a7c8-5371086a00d5"
},
{
"date": "2017-10-16T00:00:00",
"db": "CERT/CC",
"id": "VU#307015"
},
{
"date": "2017-11-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33657"
},
{
"date": "2017-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-106176"
},
{
"date": "2017-10-16T00:00:00",
"db": "VULMON",
"id": "CVE-2017-15361"
},
{
"date": "2017-10-16T00:00:00",
"db": "BID",
"id": "101484"
},
{
"date": "2017-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008423"
},
{
"date": "2017-10-17T15:22:22",
"db": "PACKETSTORM",
"id": "144646"
},
{
"date": "2017-10-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-558"
},
{
"date": "2017-10-16T17:29:00.243000",
"db": "NVD",
"id": "CVE-2017-15361"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-08T00:00:00",
"db": "CERT/CC",
"id": "VU#307015"
},
{
"date": "2017-11-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33657"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-106176"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-15361"
},
{
"date": "2017-10-23T20:04:00",
"db": "BID",
"id": "101484"
},
{
"date": "2019-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008423"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-558"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-15361"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-558"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Infineon RSA library does not properly generate RSA key pairs",
"sources": [
{
"db": "CERT/CC",
"id": "VU#307015"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-558"
}
],
"trust": 0.6
}
}
VAR-201708-1401
Vulnerability from variot - Updated: 2025-04-20 23:19A Stack-Based Buffer Overflow issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, and Nissan 2011-2015 Leaf. An attacker with a physical connection to the TCU may exploit a buffer overflow condition that exists in the processing of AT commands. This may allow arbitrary code execution on the baseband radio processor of the TCU. The TCU is a 2G modem commonly used in modern cars produced by Continental AG to transmit data between cars and remote management tools such as web panels and mobile applications. Continental TCU has a stack buffer overflow vulnerability that affects TCUs using S-Gold 2 (PMB 8876) cellular baseband chips. Continental AG Infineon S-Gold 2 (PMB 8876) is prone to a remote code-execution vulnerability and a stack-based buffer-overflow vulnerability; fixes are available. Failed exploit attempts will likely result in denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1401",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "s-gold 2 pmb 8876",
"scope": "eq",
"trust": 1.6,
"vendor": "infineon",
"version": null
},
{
"model": "s-gold 2",
"scope": null,
"trust": 0.8,
"vendor": "infineon",
"version": null
},
{
"model": "leaf",
"scope": "eq",
"trust": 0.6,
"vendor": "nissan",
"version": "2011-2015"
},
{
"model": "jx3",
"scope": "eq",
"trust": 0.6,
"vendor": "infiniti",
"version": "2013"
},
{
"model": "qx60",
"scope": "eq",
"trust": 0.6,
"vendor": "infiniti",
"version": "2014-2016"
},
{
"model": "qx60 hybrid",
"scope": "eq",
"trust": 0.6,
"vendor": "infiniti",
"version": "2014-2016"
},
{
"model": "qx50",
"scope": "eq",
"trust": 0.6,
"vendor": "infiniti",
"version": "2014-2015"
},
{
"model": "qx50 hybrid",
"scope": "eq",
"trust": 0.6,
"vendor": "infiniti",
"version": "2014-2015"
},
{
"model": "m37/m56",
"scope": "eq",
"trust": 0.6,
"vendor": "infiniti",
"version": "2013"
},
{
"model": "q70",
"scope": "eq",
"trust": 0.6,
"vendor": "infiniti",
"version": "2014-2016"
},
{
"model": "q70l",
"scope": "eq",
"trust": 0.6,
"vendor": "infiniti",
"version": "2014-2016"
},
{
"model": "q70 hybrid",
"scope": "eq",
"trust": 0.6,
"vendor": "infiniti",
"version": "2015-2016"
},
{
"model": "qx56",
"scope": "eq",
"trust": 0.6,
"vendor": "infiniti",
"version": "2013"
},
{
"model": "qx",
"scope": "eq",
"trust": 0.6,
"vendor": "infiniti",
"version": "2014-201680"
},
{
"model": "produced between",
"scope": "eq",
"trust": 0.6,
"vendor": "bmw",
"version": "2009-2010"
},
{
"model": "p-hev",
"scope": null,
"trust": 0.6,
"vendor": "ford",
"version": null
},
{
"model": "ag nissan leaf",
"scope": "eq",
"trust": 0.3,
"vendor": "continental",
"version": "2011-20150"
},
{
"model": "ag infiniti q70 hybrid",
"scope": "eq",
"trust": 0.3,
"vendor": "continental",
"version": "2015-20160"
},
{
"model": "ag infiniti qx60 hybrid",
"scope": "eq",
"trust": 0.3,
"vendor": "continental",
"version": "2014-20160"
},
{
"model": "ag infiniti qx60",
"scope": "eq",
"trust": 0.3,
"vendor": "continental",
"version": "2014-20160"
},
{
"model": "ag infiniti qx",
"scope": "eq",
"trust": 0.3,
"vendor": "continental",
"version": "2014-2016800"
},
{
"model": "ag infiniti q70l",
"scope": "eq",
"trust": 0.3,
"vendor": "continental",
"version": "2014-20160"
},
{
"model": "ag infiniti q70",
"scope": "eq",
"trust": 0.3,
"vendor": "continental",
"version": "2014-20160"
},
{
"model": "ag infiniti qx50 hybrid",
"scope": "eq",
"trust": 0.3,
"vendor": "continental",
"version": "2014-20150"
},
{
"model": "ag infiniti qx50",
"scope": "eq",
"trust": 0.3,
"vendor": "continental",
"version": "2014-20150"
},
{
"model": "ag infiniti qx56",
"scope": "eq",
"trust": 0.3,
"vendor": "continental",
"version": "20130"
},
{
"model": "ag infiniti m37/m56",
"scope": "eq",
"trust": 0.3,
"vendor": "continental",
"version": "20130"
},
{
"model": "ag infiniti jx35",
"scope": "eq",
"trust": 0.3,
"vendor": "continental",
"version": "20130"
},
{
"model": "ag infineon s-gold (pmb",
"scope": "eq",
"trust": 0.3,
"vendor": "continental",
"version": "28876)0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "s gold 2 pmb 8876",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "3280abc1-3145-4ff6-91eb-0a0d63a93b91"
},
{
"db": "CNVD",
"id": "CNVD-2017-18628"
},
{
"db": "BID",
"id": "100132"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007278"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-590"
},
{
"db": "NVD",
"id": "CVE-2017-9647"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:infineon:s-gold_2_pmb_8876",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007278"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mickey Shkatov, Jesse Michael, and Oleksandr Bazhaniuk",
"sources": [
{
"db": "BID",
"id": "100132"
}
],
"trust": 0.3
},
"cve": "CVE-2017-9647",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CVE-2017-9647",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-18628",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "3280abc1-3145-4ff6-91eb-0a0d63a93b91",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.7,
"id": "CVE-2017-9647",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-9647",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-9647",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-18628",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-590",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "3280abc1-3145-4ff6-91eb-0a0d63a93b91",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "3280abc1-3145-4ff6-91eb-0a0d63a93b91"
},
{
"db": "CNVD",
"id": "CNVD-2017-18628"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007278"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-590"
},
{
"db": "NVD",
"id": "CVE-2017-9647"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Stack-Based Buffer Overflow issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, and Nissan 2011-2015 Leaf. An attacker with a physical connection to the TCU may exploit a buffer overflow condition that exists in the processing of AT commands. This may allow arbitrary code execution on the baseband radio processor of the TCU. The TCU is a 2G modem commonly used in modern cars produced by Continental AG to transmit data between cars and remote management tools such as web panels and mobile applications. Continental TCU has a stack buffer overflow vulnerability that affects TCUs using S-Gold 2 (PMB 8876) cellular baseband chips. Continental AG Infineon S-Gold 2 (PMB 8876) is prone to a remote code-execution vulnerability and a stack-based buffer-overflow vulnerability; fixes are available. Failed exploit attempts will likely result in denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-9647"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007278"
},
{
"db": "CNVD",
"id": "CNVD-2017-18628"
},
{
"db": "BID",
"id": "100132"
},
{
"db": "IVD",
"id": "3280abc1-3145-4ff6-91eb-0a0d63a93b91"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-9647",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-208-01",
"trust": 3.3
},
{
"db": "BID",
"id": "100132",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2017-18628",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-590",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007278",
"trust": 0.8
},
{
"db": "IVD",
"id": "3280ABC1-3145-4FF6-91EB-0A0D63A93B91",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "3280abc1-3145-4ff6-91eb-0a0d63a93b91"
},
{
"db": "CNVD",
"id": "CNVD-2017-18628"
},
{
"db": "BID",
"id": "100132"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007278"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-590"
},
{
"db": "NVD",
"id": "CVE-2017-9647"
}
]
},
"id": "VAR-201708-1401",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "3280abc1-3145-4ff6-91eb-0a0d63a93b91"
},
{
"db": "CNVD",
"id": "CNVD-2017-18628"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "3280abc1-3145-4ff6-91eb-0a0d63a93b91"
},
{
"db": "CNVD",
"id": "CNVD-2017-18628"
}
]
},
"last_update_date": "2025-04-20T23:19:52.449000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "https://www.infineon.com/cms/jp/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007278"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
},
{
"problemtype": "CWE-121",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007278"
},
{
"db": "NVD",
"id": "CVE-2017-9647"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-208-01"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/100132"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-9647"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-9647"
},
{
"trust": 0.6,
"url": "http://securityaffairs.co/wordpress/61587/hacking/tcus-car-hacking.html"
},
{
"trust": 0.6,
"url": "https://media.defcon.org/def%20con%2025/def%20con%2025%20presentations/defcon-25-jesse-michael-and-mickey-shkatov-driving-down-the-rabbit-hole.pdf"
},
{
"trust": 0.3,
"url": "https://www.continental-corporation.com/en"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-18628"
},
{
"db": "BID",
"id": "100132"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007278"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-590"
},
{
"db": "NVD",
"id": "CVE-2017-9647"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "3280abc1-3145-4ff6-91eb-0a0d63a93b91"
},
{
"db": "CNVD",
"id": "CNVD-2017-18628"
},
{
"db": "BID",
"id": "100132"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007278"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-590"
},
{
"db": "NVD",
"id": "CVE-2017-9647"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-03T00:00:00",
"db": "IVD",
"id": "3280abc1-3145-4ff6-91eb-0a0d63a93b91"
},
{
"date": "2017-08-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-18628"
},
{
"date": "2017-08-04T00:00:00",
"db": "BID",
"id": "100132"
},
{
"date": "2017-09-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007278"
},
{
"date": "2017-06-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-590"
},
{
"date": "2017-08-07T08:29:00.480000",
"db": "NVD",
"id": "CVE-2017-9647"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-18628"
},
{
"date": "2017-08-04T00:00:00",
"db": "BID",
"id": "100132"
},
{
"date": "2017-09-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007278"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-590"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-9647"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-590"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Continental TCU Stack Buffer Overflow Vulnerability",
"sources": [
{
"db": "IVD",
"id": "3280abc1-3145-4ff6-91eb-0a0d63a93b91"
},
{
"db": "CNVD",
"id": "CNVD-2017-18628"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer error",
"sources": [
{
"db": "IVD",
"id": "3280abc1-3145-4ff6-91eb-0a0d63a93b91"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-590"
}
],
"trust": 0.8
}
}
VAR-202302-0396
Vulnerability from variot - Updated: 2025-03-28 00:42Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is lower_transport_layer_on_seg. ¶¶ In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability that can be triggered by sending a series of segmented packets with inconsistent SegN. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-0396",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cypress bluetooth mesh software development kit",
"scope": "eq",
"trust": 1.0,
"vendor": "infineon",
"version": "bsa0107_05.01.00-bx8-amesh-08"
},
{
"model": "cypress bluetooth mesh sdk",
"scope": "eq",
"trust": 0.8,
"vendor": "infineon",
"version": null
},
{
"model": "cypress bluetooth mesh sdk",
"scope": "eq",
"trust": 0.8,
"vendor": "infineon",
"version": "bsa0107_05.01.00-bx8-amesh-08"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-003140"
},
{
"db": "NVD",
"id": "CVE-2022-31364"
}
]
},
"cve": "CVE-2022-31364",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "cve@mitre.org",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.3,
"id": "CVE-2022-31364",
"impactScore": 5.3,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-31364",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-31364",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "cve@mitre.org",
"id": "CVE-2022-31364",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-31364",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-31364",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-127",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-003140"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-127"
},
{
"db": "NVD",
"id": "CVE-2022-31364"
},
{
"db": "NVD",
"id": "CVE-2022-31364"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is lower_transport_layer_on_seg. \u00b6\u00b6 In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability that can be triggered by sending a series of segmented packets with inconsistent SegN. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-31364"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003140"
},
{
"db": "VULMON",
"id": "CVE-2022-31364"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-31364",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003140",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-127",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-31364",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2022-31364"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003140"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-127"
},
{
"db": "NVD",
"id": "CVE-2022-31364"
}
]
},
"id": "VAR-202302-0396",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"network device"
],
"sub_category": "bluetooth device",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-03-28T00:42:06.562000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "top page",
"trust": 0.8,
"url": "https://www.infineon.com/cms/jp/"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2022-31364 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-31364"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003140"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-003140"
},
{
"db": "NVD",
"id": "CVE-2022-31364"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://docs.google.com/document/d/1tcjg1ubytfx4snvewwpnxd7pb6z__iig/edit"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31364"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-31364/"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-31364"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2022-31364"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003140"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-127"
},
{
"db": "NVD",
"id": "CVE-2022-31364"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2022-31364"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003140"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-127"
},
{
"db": "NVD",
"id": "CVE-2022-31364"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-01T00:00:00",
"db": "VULMON",
"id": "CVE-2022-31364"
},
{
"date": "2023-09-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-003140"
},
{
"date": "2023-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-127"
},
{
"date": "2023-02-01T21:15:08.677000",
"db": "NVD",
"id": "CVE-2022-31364"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-02T00:00:00",
"db": "VULMON",
"id": "CVE-2022-31364"
},
{
"date": "2023-09-01T04:33:00",
"db": "JVNDB",
"id": "JVNDB-2023-003140"
},
{
"date": "2023-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-127"
},
{
"date": "2025-03-27T15:15:37.817000",
"db": "NVD",
"id": "CVE-2022-31364"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-127"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cypress\u00a0Bluetooth\u00a0Mesh\u00a0SDK\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-003140"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-127"
}
],
"trust": 0.6
}
}
VAR-202302-0049
Vulnerability from variot - Updated: 2025-03-27 20:22Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is pb_transport_handle_frag_. ¶¶ In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability that can be triggered during mesh provisioning. Because there is no check for mismatched SegN and TotalLength in Transaction Start PDU. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202302-0049",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cypress bluetooth mesh software development kit",
"scope": "eq",
"trust": 1.0,
"vendor": "infineon",
"version": "bsa0107_05.01.00-bx8-amesh-08"
},
{
"model": "cypress bluetooth mesh sdk",
"scope": "eq",
"trust": 0.8,
"vendor": "infineon",
"version": null
},
{
"model": "cypress bluetooth mesh sdk",
"scope": "eq",
"trust": 0.8,
"vendor": "infineon",
"version": "bsa0107_05.01.00-bx8-amesh-08"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-003141"
},
{
"db": "NVD",
"id": "CVE-2022-31363"
}
]
},
"cve": "CVE-2022-31363",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "cve@mitre.org",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.3,
"id": "CVE-2022-31363",
"impactScore": 5.3,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2022-31363",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-31363",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "cve@mitre.org",
"id": "CVE-2022-31363",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2022-31363",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2022-31363",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202302-129",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-003141"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-129"
},
{
"db": "NVD",
"id": "CVE-2022-31363"
},
{
"db": "NVD",
"id": "CVE-2022-31363"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is pb_transport_handle_frag_. \u00b6\u00b6 In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability that can be triggered during mesh provisioning. Because there is no check for mismatched SegN and TotalLength in Transaction Start PDU. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-31363"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003141"
},
{
"db": "VULMON",
"id": "CVE-2022-31363"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-31363",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003141",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202302-129",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2022-31363",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2022-31363"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003141"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-129"
},
{
"db": "NVD",
"id": "CVE-2022-31363"
}
]
},
"id": "VAR-202302-0049",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
}
],
"trust": 0.01
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"network device"
],
"sub_category": "bluetooth device",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-03-27T20:22:56.092000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "top page",
"trust": 0.8,
"url": "https://www.infineon.com/cms/jp/"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/Live-Hack-CVE/CVE-2022-31363 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-31363"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003141"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-003141"
},
{
"db": "NVD",
"id": "CVE-2022-31363"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://docs.google.com/document/d/1iszze8ig6hzvsrldmxw0bibzlgmmtu5w/edit"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31363"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-31363/"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://github.com/live-hack-cve/cve-2022-31363"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2022-31363"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003141"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-129"
},
{
"db": "NVD",
"id": "CVE-2022-31363"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULMON",
"id": "CVE-2022-31363"
},
{
"db": "JVNDB",
"id": "JVNDB-2023-003141"
},
{
"db": "CNNVD",
"id": "CNNVD-202302-129"
},
{
"db": "NVD",
"id": "CVE-2022-31363"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-01T00:00:00",
"db": "VULMON",
"id": "CVE-2022-31363"
},
{
"date": "2023-09-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2023-003141"
},
{
"date": "2023-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-129"
},
{
"date": "2023-02-01T21:15:08.610000",
"db": "NVD",
"id": "CVE-2022-31363"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2023-02-02T00:00:00",
"db": "VULMON",
"id": "CVE-2022-31363"
},
{
"date": "2023-09-01T04:39:00",
"db": "JVNDB",
"id": "JVNDB-2023-003141"
},
{
"date": "2023-02-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202302-129"
},
{
"date": "2025-03-27T15:15:37.670000",
"db": "NVD",
"id": "CVE-2022-31363"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-129"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cypress\u00a0Bluetooth\u00a0Mesh\u00a0SDK\u00a0 Out-of-bounds write vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2023-003141"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202302-129"
}
],
"trust": 0.6
}
}
CVE-2022-31364 (GCVE-0-2022-31364)
Vulnerability from nvd – Published: 2023-02-01 00:00 – Updated: 2025-03-27 14:30
VLAI
Summary
Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is lower_transport_layer_on_seg. ¶¶ In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability that can be triggered by sending a series of segmented packets with inconsistent SegN.
Severity
8.2 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:05.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.google.com/document/d/1tCJg1uBYtfx4SNvewWPNXd7PB6Z__iiG/edit"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31364",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T14:29:18.315527Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T14:30:16.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is lower_transport_layer_on_seg. \u00b6\u00b6 In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability that can be triggered by sending a series of segmented packets with inconsistent SegN."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:L/C:H/I:L/PR:L/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-01T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://docs.google.com/document/d/1tCJg1uBYtfx4SNvewWPNXd7PB6Z__iiG/edit"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31364",
"datePublished": "2023-02-01T00:00:00.000Z",
"dateReserved": "2022-05-23T00:00:00.000Z",
"dateUpdated": "2025-03-27T14:30:16.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31363 (GCVE-0-2022-31363)
Vulnerability from nvd – Published: 2023-02-01 00:00 – Updated: 2025-03-27 14:32
VLAI
Summary
Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is pb_transport_handle_frag_. ¶¶ In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability that can be triggered during mesh provisioning. Because there is no check for mismatched SegN and TotalLength in Transaction Start PDU.
Severity
8.2 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:05.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.google.com/document/d/1iSZze8Ig6HZVsrldmXw0bibZLGMMTU5w/edit"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31363",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T14:31:56.262349Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T14:32:20.018Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is pb_transport_handle_frag_. \u00b6\u00b6 In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability that can be triggered during mesh provisioning. Because there is no check for mismatched SegN and TotalLength in Transaction Start PDU."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:L/C:H/I:L/PR:L/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-01T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://docs.google.com/document/d/1iSZze8Ig6HZVsrldmXw0bibZLGMMTU5w/edit"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31363",
"datePublished": "2023-02-01T00:00:00.000Z",
"dateReserved": "2022-05-23T00:00:00.000Z",
"dateUpdated": "2025-03-27T14:32:20.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15361 (GCVE-0-2017-15361)
Vulnerability from nvd – Published: 2017-10-16 17:00 – Updated: 2024-08-05 19:57
VLAI
Summary
The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
22 references
Date Public
2017-10-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:57:25.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.cr.yp.to/20171105-infineon.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03801en_us"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://monitor.certipath.com/rsatest"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crocs.fi.muni.cz/public/papers/rsa_ccs17"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.lenovo.com/us/en/product_security/LEN-15552"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171024-0001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/iadgov/Detect-CVE-2017-15361-TPM"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html"
},
{
"name": "VU#307015",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/307015"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/crocs-muni/roca"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03789en_us"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.yubico.com/support/security-advisories/ysa-2017-01/"
},
{
"name": "101484",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101484"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://keychest.net/roca"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-14T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.cr.yp.to/20171105-infineon.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03801en_us"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://monitor.certipath.com/rsatest"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crocs.fi.muni.cz/public/papers/rsa_ccs17"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.lenovo.com/us/en/product_security/LEN-15552"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171024-0001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/iadgov/Detect-CVE-2017-15361-TPM"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html"
},
{
"name": "VU#307015",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/307015"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/crocs-muni/roca"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03789en_us"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.yubico.com/support/security-advisories/ysa-2017-01/"
},
{
"name": "101484",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101484"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://keychest.net/roca"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160",
"refsource": "MISC",
"url": "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160"
},
{
"name": "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/",
"refsource": "MISC",
"url": "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/"
},
{
"name": "https://blog.cr.yp.to/20171105-infineon.html",
"refsource": "MISC",
"url": "https://blog.cr.yp.to/20171105-infineon.html"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03801en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03801en_us"
},
{
"name": "https://monitor.certipath.com/rsatest",
"refsource": "MISC",
"url": "https://monitor.certipath.com/rsatest"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012"
},
{
"name": "https://crocs.fi.muni.cz/public/papers/rsa_ccs17",
"refsource": "MISC",
"url": "https://crocs.fi.muni.cz/public/papers/rsa_ccs17"
},
{
"name": "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/",
"refsource": "MISC",
"url": "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/"
},
{
"name": "http://support.lenovo.com/us/en/product_security/LEN-15552",
"refsource": "CONFIRM",
"url": "http://support.lenovo.com/us/en/product_security/LEN-15552"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171024-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171024-0001/"
},
{
"name": "https://github.com/iadgov/Detect-CVE-2017-15361-TPM",
"refsource": "MISC",
"url": "https://github.com/iadgov/Detect-CVE-2017-15361-TPM"
},
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html"
},
{
"name": "VU#307015",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/307015"
},
{
"name": "https://github.com/crocs-muni/roca",
"refsource": "MISC",
"url": "https://github.com/crocs-muni/roca"
},
{
"name": "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update",
"refsource": "MISC",
"url": "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03789en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03789en_us"
},
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html"
},
{
"name": "https://www.yubico.com/support/security-advisories/ysa-2017-01/",
"refsource": "CONFIRM",
"url": "https://www.yubico.com/support/security-advisories/ysa-2017-01/"
},
{
"name": "101484",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101484"
},
{
"name": "https://keychest.net/roca",
"refsource": "MISC",
"url": "https://keychest.net/roca"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15361",
"datePublished": "2017-10-16T17:00:00.000Z",
"dateReserved": "2017-10-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:57:25.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9647 (GCVE-0-2017-9647)
Vulnerability from nvd – Published: 2017-08-07 08:00 – Updated: 2024-08-05 17:18
VLAI
Summary
A Stack-Based Buffer Overflow issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, and Nissan 2011-2015 Leaf. An attacker with a physical connection to the TCU may exploit a buffer overflow condition that exists in the processing of AT commands. This may allow arbitrary code execution on the baseband radio processor of the TCU.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/100132 | vdb-entryx_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Continental AG Infineon S-Gold 2 (PMB 8876) |
Affected:
Continental AG Infineon S-Gold 2 (PMB 8876)
|
Date Public
2017-08-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:00.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100132",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100132"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Continental AG Infineon S-Gold 2 (PMB 8876)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Continental AG Infineon S-Gold 2 (PMB 8876)"
}
]
}
],
"datePublic": "2017-08-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Stack-Based Buffer Overflow issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, and Nissan 2011-2015 Leaf. An attacker with a physical connection to the TCU may exploit a buffer overflow condition that exists in the processing of AT commands. This may allow arbitrary code execution on the baseband radio processor of the TCU."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T09:57:02.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "100132",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100132"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-9647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Continental AG Infineon S-Gold 2 (PMB 8876)",
"version": {
"version_data": [
{
"version_value": "Continental AG Infineon S-Gold 2 (PMB 8876)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Stack-Based Buffer Overflow issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, and Nissan 2011-2015 Leaf. An attacker with a physical connection to the TCU may exploit a buffer overflow condition that exists in the processing of AT commands. This may allow arbitrary code execution on the baseband radio processor of the TCU."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100132",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100132"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-9647",
"datePublished": "2017-08-07T08:00:00.000Z",
"dateReserved": "2017-06-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:18:00.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9633 (GCVE-0-2017-9633)
Vulnerability from nvd – Published: 2017-08-07 08:00 – Updated: 2025-05-06 14:56
VLAI
Summary
An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, and Nissan 2011-2015 Leaf. A vulnerability in the temporary mobile subscriber identity (TMSI) may allow an attacker to access and control memory. This may allow remote code execution on the baseband radio processor of the TCU.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/100132 | vdb-entryx_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Continental AG Infineon S-Gold 2 (PMB 8876) |
Affected:
Continental AG Infineon S-Gold 2 (PMB 8876)
|
Date Public
2017-08-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:11:02.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100132",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100132"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2017-9633",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:32:51.513984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T14:56:50.202Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Continental AG Infineon S-Gold 2 (PMB 8876)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Continental AG Infineon S-Gold 2 (PMB 8876)"
}
]
}
],
"datePublic": "2017-08-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, and Nissan 2011-2015 Leaf. A vulnerability in the temporary mobile subscriber identity (TMSI) may allow an attacker to access and control memory. This may allow remote code execution on the baseband radio processor of the TCU."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T09:57:02.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "100132",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100132"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-9633",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Continental AG Infineon S-Gold 2 (PMB 8876)",
"version": {
"version_data": [
{
"version_value": "Continental AG Infineon S-Gold 2 (PMB 8876)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, and Nissan 2011-2015 Leaf. A vulnerability in the temporary mobile subscriber identity (TMSI) may allow an attacker to access and control memory. This may allow remote code execution on the baseband radio processor of the TCU."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100132",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100132"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-9633",
"datePublished": "2017-08-07T08:00:00.000Z",
"dateReserved": "2017-06-14T00:00:00.000Z",
"dateUpdated": "2025-05-06T14:56:50.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31364 (GCVE-0-2022-31364)
Vulnerability from cvelistv5 – Published: 2023-02-01 00:00 – Updated: 2025-03-27 14:30
VLAI
Summary
Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is lower_transport_layer_on_seg. ¶¶ In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability that can be triggered by sending a series of segmented packets with inconsistent SegN.
Severity
8.2 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:05.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.google.com/document/d/1tCJg1uBYtfx4SNvewWPNXd7PB6Z__iiG/edit"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31364",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T14:29:18.315527Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T14:30:16.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is lower_transport_layer_on_seg. \u00b6\u00b6 In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability that can be triggered by sending a series of segmented packets with inconsistent SegN."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:L/C:H/I:L/PR:L/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-01T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://docs.google.com/document/d/1tCJg1uBYtfx4SNvewWPNXd7PB6Z__iiG/edit"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31364",
"datePublished": "2023-02-01T00:00:00.000Z",
"dateReserved": "2022-05-23T00:00:00.000Z",
"dateUpdated": "2025-03-27T14:30:16.728Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-31363 (GCVE-0-2022-31363)
Vulnerability from cvelistv5 – Published: 2023-02-01 00:00 – Updated: 2025-03-27 14:32
VLAI
Summary
Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is pb_transport_handle_frag_. ¶¶ In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability that can be triggered during mesh provisioning. Because there is no check for mismatched SegN and TotalLength in Transaction Start PDU.
Severity
8.2 (High)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:19:05.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://docs.google.com/document/d/1iSZze8Ig6HZVsrldmXw0bibZLGMMTU5w/edit"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-31363",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-27T14:31:56.262349Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-27T14:32:20.018Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cypress : https://www.infineon.com/ Cypress Bluetooth Mesh SDK BSA0107_05.01.00-BX8-AMESH-08 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: affected function is pb_transport_handle_frag_. \u00b6\u00b6 In Cypress Bluetooth Mesh SDK, there is an out-of-bound write vulnerability that can be triggered during mesh provisioning. Because there is no check for mismatched SegN and TotalLength in Transaction Start PDU."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AC:L/AV:A/A:L/C:H/I:L/PR:L/S:C/UI:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-01T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://docs.google.com/document/d/1iSZze8Ig6HZVsrldmXw0bibZLGMMTU5w/edit"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-31363",
"datePublished": "2023-02-01T00:00:00.000Z",
"dateReserved": "2022-05-23T00:00:00.000Z",
"dateUpdated": "2025-03-27T14:32:20.018Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15361 (GCVE-0-2017-15361)
Vulnerability from cvelistv5 – Published: 2017-10-16 17:00 – Updated: 2024-08-05 19:57
VLAI
Summary
The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
22 references
Date Public
2017-10-16 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:57:25.602Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blog.cr.yp.to/20171105-infineon.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03801en_us"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://monitor.certipath.com/rsatest"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crocs.fi.muni.cz/public/papers/rsa_ccs17"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.lenovo.com/us/en/product_security/LEN-15552"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20171024-0001/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/iadgov/Detect-CVE-2017-15361-TPM"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html"
},
{
"name": "VU#307015",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/307015"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/crocs-muni/roca"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03789en_us"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.yubico.com/support/security-advisories/ysa-2017-01/"
},
{
"name": "101484",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101484"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://keychest.net/roca"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-14T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blog.cr.yp.to/20171105-infineon.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03801en_us"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://monitor.certipath.com/rsatest"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crocs.fi.muni.cz/public/papers/rsa_ccs17"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.lenovo.com/us/en/product_security/LEN-15552"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20171024-0001/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/iadgov/Detect-CVE-2017-15361-TPM"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html"
},
{
"name": "VU#307015",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/307015"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/crocs-muni/roca"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03789en_us"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.yubico.com/support/security-advisories/ysa-2017-01/"
},
{
"name": "101484",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101484"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://keychest.net/roca"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160",
"refsource": "MISC",
"url": "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160"
},
{
"name": "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/",
"refsource": "MISC",
"url": "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/"
},
{
"name": "https://blog.cr.yp.to/20171105-infineon.html",
"refsource": "MISC",
"url": "https://blog.cr.yp.to/20171105-infineon.html"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03801en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03801en_us"
},
{
"name": "https://monitor.certipath.com/rsatest",
"refsource": "MISC",
"url": "https://monitor.certipath.com/rsatest"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012"
},
{
"name": "https://crocs.fi.muni.cz/public/papers/rsa_ccs17",
"refsource": "MISC",
"url": "https://crocs.fi.muni.cz/public/papers/rsa_ccs17"
},
{
"name": "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/",
"refsource": "MISC",
"url": "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/"
},
{
"name": "http://support.lenovo.com/us/en/product_security/LEN-15552",
"refsource": "CONFIRM",
"url": "http://support.lenovo.com/us/en/product_security/LEN-15552"
},
{
"name": "https://security.netapp.com/advisory/ntap-20171024-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20171024-0001/"
},
{
"name": "https://github.com/iadgov/Detect-CVE-2017-15361-TPM",
"refsource": "MISC",
"url": "https://github.com/iadgov/Detect-CVE-2017-15361-TPM"
},
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html"
},
{
"name": "VU#307015",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/307015"
},
{
"name": "https://github.com/crocs-muni/roca",
"refsource": "MISC",
"url": "https://github.com/crocs-muni/roca"
},
{
"name": "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update",
"refsource": "MISC",
"url": "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03789en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03789en_us"
},
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html"
},
{
"name": "https://www.yubico.com/support/security-advisories/ysa-2017-01/",
"refsource": "CONFIRM",
"url": "https://www.yubico.com/support/security-advisories/ysa-2017-01/"
},
{
"name": "101484",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101484"
},
{
"name": "https://keychest.net/roca",
"refsource": "MISC",
"url": "https://keychest.net/roca"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15361",
"datePublished": "2017-10-16T17:00:00.000Z",
"dateReserved": "2017-10-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:57:25.602Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9633 (GCVE-0-2017-9633)
Vulnerability from cvelistv5 – Published: 2017-08-07 08:00 – Updated: 2025-05-06 14:56
VLAI
Summary
An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, and Nissan 2011-2015 Leaf. A vulnerability in the temporary mobile subscriber identity (TMSI) may allow an attacker to access and control memory. This may allow remote code execution on the baseband radio processor of the TCU.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/100132 | vdb-entryx_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Continental AG Infineon S-Gold 2 (PMB 8876) |
Affected:
Continental AG Infineon S-Gold 2 (PMB 8876)
|
Date Public
2017-08-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:11:02.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100132",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100132"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2017-9633",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T13:32:51.513984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-06T14:56:50.202Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Continental AG Infineon S-Gold 2 (PMB 8876)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Continental AG Infineon S-Gold 2 (PMB 8876)"
}
]
}
],
"datePublic": "2017-08-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, and Nissan 2011-2015 Leaf. A vulnerability in the temporary mobile subscriber identity (TMSI) may allow an attacker to access and control memory. This may allow remote code execution on the baseband radio processor of the TCU."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "CWE-119",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T09:57:02.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "100132",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100132"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-9633",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Continental AG Infineon S-Gold 2 (PMB 8876)",
"version": {
"version_data": [
{
"version_value": "Continental AG Infineon S-Gold 2 (PMB 8876)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Improper Restriction of Operations within the Bounds of a Memory Buffer issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, and Nissan 2011-2015 Leaf. A vulnerability in the temporary mobile subscriber identity (TMSI) may allow an attacker to access and control memory. This may allow remote code execution on the baseband radio processor of the TCU."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100132",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100132"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-9633",
"datePublished": "2017-08-07T08:00:00.000Z",
"dateReserved": "2017-06-14T00:00:00.000Z",
"dateUpdated": "2025-05-06T14:56:50.202Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-9647 (GCVE-0-2017-9647)
Vulnerability from cvelistv5 – Published: 2017-08-07 08:00 – Updated: 2024-08-05 17:18
VLAI
Summary
A Stack-Based Buffer Overflow issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, and Nissan 2011-2015 Leaf. An attacker with a physical connection to the TCU may exploit a buffer overflow condition that exists in the processing of AT commands. This may allow arbitrary code execution on the baseband radio processor of the TCU.
Severity
No CVSS data available.
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/100132 | vdb-entryx_refsource_BID |
| https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Continental AG Infineon S-Gold 2 (PMB 8876) |
Affected:
Continental AG Infineon S-Gold 2 (PMB 8876)
|
Date Public
2017-08-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:18:00.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100132",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100132"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Continental AG Infineon S-Gold 2 (PMB 8876)",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Continental AG Infineon S-Gold 2 (PMB 8876)"
}
]
}
],
"datePublic": "2017-08-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Stack-Based Buffer Overflow issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, and Nissan 2011-2015 Leaf. An attacker with a physical connection to the TCU may exploit a buffer overflow condition that exists in the processing of AT commands. This may allow arbitrary code execution on the baseband radio processor of the TCU."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T09:57:02.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "100132",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100132"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-9647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Continental AG Infineon S-Gold 2 (PMB 8876)",
"version": {
"version_data": [
{
"version_value": "Continental AG Infineon S-Gold 2 (PMB 8876)"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Stack-Based Buffer Overflow issue was discovered in the Continental AG Infineon S-Gold 2 (PMB 8876) chipset on BMW several models produced between 2009-2010, Ford a limited number of P-HEV vehicles, Infiniti 2013 JX35, Infiniti 2014-2016 QX60, Infiniti 2014-2016 QX60 Hybrid, Infiniti 2014-2015 QX50, Infiniti 2014-2015 QX50 Hybrid, Infiniti 2013 M37/M56, Infiniti 2014-2016 Q70, Infiniti 2014-2016 Q70L, Infiniti 2015-2016 Q70 Hybrid, Infiniti 2013 QX56, Infiniti 2014-2016 QX 80, and Nissan 2011-2015 Leaf. An attacker with a physical connection to the TCU may exploit a buffer overflow condition that exists in the processing of AT commands. This may allow arbitrary code execution on the baseband radio processor of the TCU."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100132",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100132"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-208-01"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-9647",
"datePublished": "2017-08-07T08:00:00.000Z",
"dateReserved": "2017-06-14T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:18:00.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}