The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack."
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/92179 | Third Party Advisory VDB Entry |
https://github.com/BastilleResearch/keyjack/blob/master/doc/advisories/bastille-13.lenovo-ultraslim.public.txt | Third Party Advisory |
https://support.lenovo.com/product_security/len_7267 | Vendor Advisory |
https://www.bastille.net/research/vulnerabilities/keyjack | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
History
No history.
Information
Published : 2016-08-02 14:59
Updated : 2024-02-28 15:21
NVD link : CVE-2016-6257
Mitre link : CVE-2016-6257
CVE.ORG link : CVE-2016-6257
JSON object : View
Products Affected
dell
- km714_firmware
- km632_dongle
- km714_dongle
- km632_firmware
- km632_wireless_keyboard
- km714_wireless_keyboard
lenovo
- ultraslim_firmware
- ultraslim_dongle
- ultraslim_wireless_keyboard
logitech
- unifying_firmware
- unifying_dongle
amazonbasics
- firmware
- usb_dongle
- wireless_keyboard
CWE
CWE-310
Cryptographic Issues