The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.
References
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
|
History
21 Nov 2024, 03:14
Type | Values Removed | Values Added |
---|---|---|
References | () http://support.lenovo.com/us/en/product_security/LEN-15552 - Mitigation, Third Party Advisory | |
References | () http://www.securityfocus.com/bid/101484 - Third Party Advisory, VDB Entry | |
References | () https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/ - Issue Tracking, Third Party Advisory | |
References | () https://blog.cr.yp.to/20171105-infineon.html - | |
References | () https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf - | |
References | () https://crocs.fi.muni.cz/public/papers/rsa_ccs17 - Issue Tracking, Mitigation, Third Party Advisory | |
References | () https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/ - Issue Tracking, Third Party Advisory | |
References | () https://github.com/crocs-muni/roca - Mitigation, Third Party Advisory | |
References | () https://github.com/iadgov/Detect-CVE-2017-15361-TPM - Mitigation, Third Party Advisory | |
References | () https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01 - | |
References | () https://keychest.net/roca - Issue Tracking, Mitigation, Third Party Advisory | |
References | () https://monitor.certipath.com/rsatest - Mitigation, Third Party Advisory | |
References | () https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012 - Issue Tracking, Patch, Third Party Advisory | |
References | () https://security.netapp.com/advisory/ntap-20171024-0001/ - | |
References | () https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update - Issue Tracking, Mitigation, Patch, Third Party Advisory | |
References | () https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03789en_us - | |
References | () https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03801en_us - | |
References | () https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160 - Mitigation, Vendor Advisory | |
References | () https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html - | |
References | () https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html - | |
References | () https://www.kb.cert.org/vuls/id/307015 - Issue Tracking, Mitigation, Third Party Advisory, US Government Resource | |
References | () https://www.yubico.com/support/security-advisories/ysa-2017-01/ - Mitigation, Third Party Advisory |
Information
Published : 2017-10-16 17:29
Updated : 2024-11-21 03:14
NVD link : CVE-2017-15361
Mitre link : CVE-2017-15361
CVE.ORG link : CVE-2017-15361
JSON object : View
Products Affected
hp
- chromebox_g1
- chromebook_14_g3
- chromebook_14
- chromebook_14_g4
- chromebook_14_x000-x999
- chromebook_11_g5_ee
- chromebook_11_g3
- chromebook_13_g1
- chromebook_11_g5
- chromebook_11_2000-2099
- chromebook
- chromebox_cb1-\(000-099\)
- chromebook_11_2200-2299
- chromebook_11_g1
- chromebook_11_g2
- chromebook_11-vxxx
- chromebook_11_2100-2199
- chromebook_11_g4\/g4_ee
- chromebook_11_1100-1199
- chromebook_14_ak000-099
samsung
- chromebook_plus
- chromebook_2_13
- chromebook_3
- chromebook_2_11
- chromebook_2_11_xe500c12
- chromebook_pro
acer
- chromebook_14_cb3-431
- chromebook_r11
- chromebook_11_c771
- chromebox
- chromebase
- chromebase_24
- chromebook_15_cb3-531
- chromebook_11_c730e
- chromebook_11_c735
- c720_chromebook
- chromebook_11_c740
- chromebook_11_c771t
- chromebook_15_cb3-532
- chromebook_11_n7_c731
- chromebook_15_cb5-571
- chromebox_cxi2
- chromebook_14_for_work_cp5-471
- chromebook_r13_cb5-312t
- chromebook_13_cb5-311
- chromebook_11_c730
asus
- chromebook_c201pa
- chromebook_flip_c100pa
- chromebook_c300
- chromebox_cn60
- chromebox_cn62
- chromebook_c301sa
- chromebit_cs10
- chromebook_flip_c302
- chromebook_c300sa
- chromebook_c202sa
- chromebook_c200
medion
- akoya_s2013
- chromebook_s2015
nexian
- chromebook
rgs
- education_chromebook
true
- idc_chromebook_11
- idc_chromebook
videonet
- chromebook
- chromebook_bl10
haier
- chromebook_11
- chromebook_11_c
- chromebook_11e
- chromebook_11_g2
prowise
- proline_chromebook
- entry_line_chromebook
pcmerge
- chromebook_pcm-116t-432b
poin2
- chromebook_14
- chromebook_11
hisense
- chromebook_11
ctl
- j2_chromebook
- nl61_chromebook
- j4_chromebook
- n6_chromebook
- j5_chromebook
lenovo
- n22_chromebook
- n23_yoga_11_chromebook
- thinkcentre_chromebox
- n20_chromebook
- n23_flex_11_chromebook
- n42_chromebook
- thinkpad_11e_chromebook
- n21_chromebook
- n23_chromebook
- 100s_chromebook
- thinkpad_13_chromebook
epik
- chromebook_elb1101
bobicus
- chromebook_11
aopen
- chromebox
- chromeboxi
- chromebase
dell
- chromebook_11
- chromebook_11_3120
- chromebox
- chromebook_11_model_3180
- chromebook_13_3380
- chromebook_11_3189
edxis
- education_chromebook
- chromebook
- pixel
hexa
- chromebook_pi
edugear
- cmt_chromebook
- chromebook_r
- chromebook_k
- chromebook_m
sector-five
- e1_rugged_chromebook
senkatel
- c1101_chromebook
ncomputing
- chromebook_cx100
xolo
- chromebook
lg
- chromebase_22cb25s
- chromebase_22cv241
positivo
- chromebook_ch1190
viglen
- chromebook_360
- chromebook_11
infineon
- rsa_library
- trusted_platform_firmware
toshiba
- chromebook_2
- chromebook
asi
- chromebook
mercer
- chromebook
- v2_chromebook
CWE