Vulnerability-Lookup

BDU:2019-04743

Vulnerability from fstec - Published: 10.10.2017

Title

Уязвимость библиотеки шифрования Infineon RSA Library, связанная с ошибками при генерации простых чисел в алгоритме RSA, позволяющая нарушителю раскрыть секретную часть ключа

Description

Уязвимость библиотеки шифрования Infineon RSA Library связана с ошибками при генерации простых чисел в алгоритме RSA. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, раскрыть секретную часть ключа

Severity ?


                    
                      AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Vendor

Microsoft Corp, Infineon Technologies AG, Google Inc

Software Name

Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, Windows 10 1511, Windows 10 1607, Windows 10 1703, Windows Server 2016, Windows 10 1709, RSA Library, Trusted Platform Module, Chrome OS

Software Version

- (Windows 8.1), - (Windows Server 2012), - (Windows Server 2012 R2), - (Windows RT 8.1), - (Windows 10), - (Windows 10 1511), - (Windows 10 1607), - (Windows 10 1703), - (Windows Server 2016), - (Windows 10 1709), до 1.02.013 (RSA Library), 4.31 (Trusted Platform Module), 4.32 (Trusted Platform Module), 6.40 (Trusted Platform Module), 133.32 (Trusted Platform Module), до M60 (Chrome OS)

Possible Mitigations

Использование рекомендаций: Для программных продуктов Infineon Technologies AG: https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160 Для программных продуктов Microsoft Corp.: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV170012 Для программных продуктов Google Inc.: https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update

Reference

http://www.dell.com/support/article/us/en/19/sln307820/ https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV170012 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190026 http://www.fujitsu.com/global/support/products/software/security/products-f/ifsa-201701e.html https://safenet.gemalto.com/technical-support/security-updates/ https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update https://support.hp.com/us-en/document/c05792935 https://nvd.nist.gov/vuln/detail/CVE-2017-15361

CWE

CWE-310

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:H/Au:N/C:C/I:N/A:N",
  "CVSS 3.0": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp, Infineon Technologies AG, Google Inc",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (Windows 8.1), - (Windows Server 2012), - (Windows Server 2012 R2), - (Windows RT 8.1), - (Windows 10), - (Windows 10 1511), - (Windows 10 1607), - (Windows 10 1703), - (Windows Server 2016), - (Windows 10 1709), \u0434\u043e 1.02.013 (RSA Library), 4.31 (Trusted Platform Module), 4.32 (Trusted Platform Module), 6.40 (Trusted Platform Module), 133.32 (Trusted Platform Module), \u0434\u043e M60 (Chrome OS)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Infineon Technologies AG:\nhttps://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Microsoft Corp.:\nhttps://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV170012\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Google Inc.:\nhttps://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "10.10.2017",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "17.12.2019",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "17.12.2019",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-04743",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2017-15361",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Windows 8.1, Windows Server 2012, Windows Server 2012 R2, Windows RT 8.1, Windows 10, Windows 10 1511, Windows 10 1607, Windows 10 1703, Windows Server 2016, Windows 10 1709, RSA Library, Trusted Platform Module, Chrome OS",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Microsoft Corp Windows 8.1 - 64-bit, Microsoft Corp Windows 8.1 - 32-bit, Microsoft Corp Windows Server 2012 - , Microsoft Corp Windows Server 2012 R2 - , Microsoft Corp Windows RT 8.1 - ARM, Microsoft Corp Windows 10 - 64-bit, Microsoft Corp Windows 10 - 32-bit, Microsoft Corp Windows 10 1511 - 64-bit, Microsoft Corp Windows 10 1511 - 32-bit, Microsoft Corp Windows 10 1607 - 64-bit, Microsoft Corp Windows 10 1607 - 32-bit, Microsoft Corp Windows 10 1703 - 32-bit, Microsoft Corp Windows Server 2016 - , Microsoft Corp Windows 10 1703 - 64-bit, Microsoft Corp Windows 10 1709 - 64-bit, Microsoft Corp Windows 10 1709 - 32-bit, Google Inc Chrome OS \u0434\u043e M60 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f Infineon RSA Library, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0438 \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0441\u0442\u044b\u0445 \u0447\u0438\u0441\u0435\u043b \u0432 \u0430\u043b\u0433\u043e\u0440\u0438\u0442\u043c\u0435 RSA, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0441\u0435\u043a\u0440\u0435\u0442\u043d\u0443\u044e \u0447\u0430\u0441\u0442\u044c \u043a\u043b\u044e\u0447\u0430",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041f\u0440\u043e\u0431\u043b\u0435\u043c\u044b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0438 (CWE-310)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 \u0448\u0438\u0444\u0440\u043e\u0432\u0430\u043d\u0438\u044f Infineon RSA Library \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u043f\u0440\u0438 \u0433\u0435\u043d\u0435\u0440\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0441\u0442\u044b\u0445 \u0447\u0438\u0441\u0435\u043b \u0432 \u0430\u043b\u0433\u043e\u0440\u0438\u0442\u043c\u0435 RSA. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u044c \u0441\u0435\u043a\u0440\u0435\u0442\u043d\u0443\u044e \u0447\u0430\u0441\u0442\u044c \u043a\u043b\u044e\u0447\u0430",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0435\u0441\u0430\u043d\u043a\u0446\u0438\u043e\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u044b\u0439 \u0441\u0431\u043e\u0440 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://www.dell.com/support/article/us/en/19/sln307820/\nhttps://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV170012\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190026\nhttp://www.fujitsu.com/global/support/products/software/security/products-f/ifsa-201701e.html\nhttps://safenet.gemalto.com/technical-support/security-updates/\nhttps://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update\nhttps://support.hp.com/us-en/document/c05792935\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15361",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0439 \u043a\u043e\u0434",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-310",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,4)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,9)"
}

CVE-2017-15361 (GCVE-0-2017-15361)

Vulnerability from cvelistv5 – Published: 2017-10-16 17:00 – Updated: 2024-08-05 19:57

Summary

The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://www.infineon.com/cms/en/product/promopage…	x_refsource_MISC
	https://dan.enigmabridge.com/roca-vulnerability-i…	x_refsource_MISC
	https://blog.cr.yp.to/20171105-infineon.html	x_refsource_MISC
	https://support.hpe.com/hpsc/doc/public/display?d…	x_refsource_CONFIRM
	https://monitor.certipath.com/rsatest	x_refsource_MISC
	https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01	x_refsource_MISC
	https://portal.msrc.microsoft.com/en-US/security-…	x_refsource_MISC
	https://crocs.fi.muni.cz/public/papers/rsa_ccs17	x_refsource_MISC
	https://arstechnica.com/information-technology/20…	x_refsource_MISC
	http://support.lenovo.com/us/en/product_security/…	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-2017102…	x_refsource_CONFIRM
	https://github.com/iadgov/Detect-CVE-2017-15361-TPM	x_refsource_MISC
	https://www.intel.com/content/www/us/en/security-…	x_refsource_CONFIRM
	https://www.kb.cert.org/vuls/id/307015	third-party-advisoryx_refsource_CERT-VN
	https://github.com/crocs-muni/roca	x_refsource_MISC
	https://sites.google.com/a/chromium.org/dev/chrom…	x_refsource_MISC
	https://cert-portal.siemens.com/productcert/pdf/s…	x_refsource_CONFIRM
	https://support.hpe.com/hpsc/doc/public/display?d…	x_refsource_CONFIRM
	https://www.intel.com/content/www/us/en/security-…	x_refsource_CONFIRM
	https://www.yubico.com/support/security-advisorie…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/101484	vdb-entryx_refsource_BID
	https://keychest.net/roca	x_refsource_MISC

Date Public ?

2017-10-16 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:57:25.602Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://blog.cr.yp.to/20171105-infineon.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03801en_us"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://monitor.certipath.com/rsatest"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://crocs.fi.muni.cz/public/papers/rsa_ccs17"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.lenovo.com/us/en/product_security/LEN-15552"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171024-0001/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/iadgov/Detect-CVE-2017-15361-TPM"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html"
          },
          {
            "name": "VU#307015",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/307015"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/crocs-muni/roca"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03789en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.yubico.com/support/security-advisories/ysa-2017-01/"
          },
          {
            "name": "101484",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101484"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://keychest.net/roca"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-10-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-09-14T20:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://blog.cr.yp.to/20171105-infineon.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03801en_us"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://monitor.certipath.com/rsatest"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://crocs.fi.muni.cz/public/papers/rsa_ccs17"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.lenovo.com/us/en/product_security/LEN-15552"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171024-0001/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/iadgov/Detect-CVE-2017-15361-TPM"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html"
        },
        {
          "name": "VU#307015",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/307015"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/crocs-muni/roca"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03789en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.yubico.com/support/security-advisories/ysa-2017-01/"
        },
        {
          "name": "101484",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101484"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://keychest.net/roca"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-15361",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160",
              "refsource": "MISC",
              "url": "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160"
            },
            {
              "name": "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/",
              "refsource": "MISC",
              "url": "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/"
            },
            {
              "name": "https://blog.cr.yp.to/20171105-infineon.html",
              "refsource": "MISC",
              "url": "https://blog.cr.yp.to/20171105-infineon.html"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03801en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03801en_us"
            },
            {
              "name": "https://monitor.certipath.com/rsatest",
              "refsource": "MISC",
              "url": "https://monitor.certipath.com/rsatest"
            },
            {
              "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01",
              "refsource": "MISC",
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012",
              "refsource": "MISC",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012"
            },
            {
              "name": "https://crocs.fi.muni.cz/public/papers/rsa_ccs17",
              "refsource": "MISC",
              "url": "https://crocs.fi.muni.cz/public/papers/rsa_ccs17"
            },
            {
              "name": "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/",
              "refsource": "MISC",
              "url": "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/"
            },
            {
              "name": "http://support.lenovo.com/us/en/product_security/LEN-15552",
              "refsource": "CONFIRM",
              "url": "http://support.lenovo.com/us/en/product_security/LEN-15552"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20171024-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20171024-0001/"
            },
            {
              "name": "https://github.com/iadgov/Detect-CVE-2017-15361-TPM",
              "refsource": "MISC",
              "url": "https://github.com/iadgov/Detect-CVE-2017-15361-TPM"
            },
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html",
              "refsource": "CONFIRM",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html"
            },
            {
              "name": "VU#307015",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/307015"
            },
            {
              "name": "https://github.com/crocs-muni/roca",
              "refsource": "MISC",
              "url": "https://github.com/crocs-muni/roca"
            },
            {
              "name": "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update",
              "refsource": "MISC",
              "url": "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03789en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03789en_us"
            },
            {
              "name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html",
              "refsource": "CONFIRM",
              "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html"
            },
            {
              "name": "https://www.yubico.com/support/security-advisories/ysa-2017-01/",
              "refsource": "CONFIRM",
              "url": "https://www.yubico.com/support/security-advisories/ysa-2017-01/"
            },
            {
              "name": "101484",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101484"
            },
            {
              "name": "https://keychest.net/roca",
              "refsource": "MISC",
              "url": "https://keychest.net/roca"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-15361",
    "datePublished": "2017-10-16T17:00:00.000Z",
    "dateReserved": "2017-10-15T00:00:00.000Z",
    "dateUpdated": "2024-08-05T19:57:25.602Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

BDU:2019-04743

CVE-2017-15361 (GCVE-0-2017-15361)

Tags

Sightings

Nomenclature