CVE-2017-7932

An improper certificate validation issue was discovered in NXP i.MX 28 i.MX 50, i.MX 53, i.MX 7Solo i.MX 7Dual Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, and i.MX 6QuadPlus. When the device is configured in security enabled configuration, under certain conditions it is possible to bypass the signature verification by using a specially crafted certificate leading to the execution of an unsigned image.

CVSS v3 6.0 MEDIUM
CVSS v2.0 4.4 MEDIUM

6.0^/10

CVSS v3 : MEDIUM

V3 Legend

Vector : AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H

Exploitability : 0.5 / Impact : 5.5

Attack Vector PHYSICAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 3.4 / Impact : 6.4

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/99966	Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02	Third Party Advisory US Government Resource VDB Entry
http://www.securityfocus.com/bid/99966	Third Party Advisory VDB Entry
https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02	Third Party Advisory US Government Resource VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:nxp:vybrid_mvf30nn151cku26_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:vybrid_mvf30nn151cku26:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:nxp:vybrid_mvf30ns151cku26_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:vybrid_mvf30ns151cku26:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:nxp:vybrid_mvf50nn151cmk40_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:vybrid_mvf50nn151cmk40:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:nxp:vybrid_mvf50nn151cmk50_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:vybrid_mvf50nn151cmk50:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:nxp:vybrid_mvf50ns151cmk40_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:vybrid_mvf50ns151cmk40:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:nxp:vybrid_mvf50ns151cmk50_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:vybrid_mvf50ns151cmk50:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:nxp:vybrid_mvf51nn151cmk50_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:vybrid_mvf51nn151cmk50:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:nxp:vybrid_mvf51ns151cmk50_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:vybrid_mvf51ns151cmk50:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND

cpe:2.3:o:nxp:vybrid_mvf60nn151cmk40_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:vybrid_mvf60nn151cmk40:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND

cpe:2.3:o:nxp:vybrid_mvf60ns151cmk40_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:vybrid_mvf60ns151cmk40:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND

cpe:2.3:o:nxp:vybrid_mvf60nn151cmk50_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:vybrid_mvf60nn151cmk50:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND

cpe:2.3:o:nxp:vybrid_mvf60ns151cmk50_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:vybrid_mvf60ns151cmk50:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND

cpe:2.3:o:nxp:vybrid_mvf61nn151cmk50_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:vybrid_mvf61nn151cmk50:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND

cpe:2.3:o:nxp:vybrid_mvf61ns151cmk50_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:vybrid_mvf61ns151cmk50:-:*:*:*:*:*:*:*

Configuration 15 (hide)

AND

cpe:2.3:o:nxp:vybrid_mvf62nn151cmk40_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:vybrid_mvf62nn151cmk40:-:*:*:*:*:*:*:*

Configuration 16 (hide)

AND

cpe:2.3:o:nxp:i.mx_50_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:i.mx_50:-:*:*:*:*:*:*:*

Configuration 17 (hide)

AND

cpe:2.3:o:nxp:i.mx_53_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:i.mx_53:-:*:*:*:*:*:*:*

Configuration 18 (hide)

AND

cpe:2.3:o:nxp:i.mx_6ull_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:i.mx_6ull:-:*:*:*:*:*:*:*

Configuration 19 (hide)

AND

cpe:2.3:o:nxp:i.mx_6ultralite_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:i.mx_6ultralite:-:*:*:*:*:*:*:*

Configuration 20 (hide)

AND

cpe:2.3:o:nxp:i.mx_6sololite_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:i.mx_6sololite:-:*:*:*:*:*:*:*

Configuration 21 (hide)

AND

cpe:2.3:o:nxp:i.mx_6solo_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:i.mx_6solo:-:*:*:*:*:*:*:*

Configuration 22 (hide)

AND

cpe:2.3:o:nxp:i.mx_6duallite_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:i.mx_6duallite:-:*:*:*:*:*:*:*

Configuration 23 (hide)

AND

cpe:2.3:o:nxp:i.mx_6solox_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:i.mx_6solox:-:*:*:*:*:*:*:*

Configuration 24 (hide)

AND

cpe:2.3:o:nxp:i.mx_6dual_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:i.mx_6dual:-:*:*:*:*:*:*:*

Configuration 25 (hide)

AND

cpe:2.3:o:nxp:i.mx_6quad_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:i.mx_6quad:-:*:*:*:*:*:*:*

Configuration 26 (hide)

AND

cpe:2.3:o:nxp:i.mx_6quadplus_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:i.mx_6quadplus:-:*:*:*:*:*:*:*

Configuration 27 (hide)

AND

cpe:2.3:o:nxp:i.mx_6dualplus_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:i.mx_6dualplus:-:*:*:*:*:*:*:*

Configuration 28 (hide)

AND

cpe:2.3:o:nxp:i.mx_28_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:i.mx_28:-:*:*:*:*:*:*:*

Configuration 29 (hide)

AND

cpe:2.3:o:nxp:i.mx_7dual_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:i.mx_7dual:-:*:*:*:*:*:*:*

Configuration 30 (hide)

AND

cpe:2.3:o:nxp:i.mx_7solo_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:nxp:i.mx_7solo:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:32

Type	Values Removed	Values Added
References	~~() http://www.securityfocus.com/bid/99966 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/99966 - Third Party Advisory, VDB Entry
References	~~() https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02 - Third Party Advisory, US Government Resource, VDB Entry~~	() https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02 - Third Party Advisory, US Government Resource, VDB Entry

Information

Published : 2017-08-07 08:29

Updated : 2024-11-21 03:32

NVD link : CVE-2017-7932

Mitre link : CVE-2017-7932

CVE.ORG link : CVE-2017-7932

JSON object : View

Products Affected

nxp

vybrid_mvf50ns151cmk40_firmware
vybrid_mvf50nn151cmk40
i.mx_28
i.mx_6quad
i.mx_6quad_firmware
i.mx_6ultralite_firmware
i.mx_7solo_firmware
vybrid_mvf30nn151cku26_firmware
vybrid_mvf61nn151cmk50
i.mx_53
vybrid_mvf60ns151cmk50
i.mx_7solo
vybrid_mvf30ns151cku26
vybrid_mvf60nn151cmk40_firmware
vybrid_mvf50ns151cmk50_firmware
i.mx_6solox
i.mx_6quadplus
i.mx_6ultralite
i.mx_50_firmware
i.mx_6solo
vybrid_mvf60nn151cmk50_firmware
i.mx_53_firmware
i.mx_6duallite_firmware
vybrid_mvf51ns151cmk50_firmware
i.mx_6dualplus
vybrid_mvf51nn151cmk50
i.mx_6dual
vybrid_mvf30nn151cku26
vybrid_mvf51ns151cmk50
i.mx_6dualplus_firmware
i.mx_6solo_firmware
vybrid_mvf60ns151cmk40_firmware
vybrid_mvf50nn151cmk40_firmware
i.mx_6sololite_firmware
vybrid_mvf51nn151cmk50_firmware
vybrid_mvf61ns151cmk50
vybrid_mvf50nn151cmk50_firmware
i.mx_6ull_firmware
i.mx_28_firmware
vybrid_mvf50ns151cmk50
i.mx_50
vybrid_mvf30ns151cku26_firmware
vybrid_mvf50ns151cmk40
vybrid_mvf60ns151cmk50_firmware
vybrid_mvf62nn151cmk40
i.mx_6sololite
vybrid_mvf61nn151cmk50_firmware
i.mx_6duallite
vybrid_mvf60nn151cmk50
i.mx_6ull
i.mx_7dual
vybrid_mvf50nn151cmk50
i.mx_7dual_firmware
vybrid_mvf60ns151cmk40
i.mx_6dual_firmware
vybrid_mvf60nn151cmk40
i.mx_6solox_firmware
i.mx_6quadplus_firmware
vybrid_mvf61ns151cmk50_firmware
vybrid_mvf62nn151cmk40_firmware

CWE

CWE-295

Improper Certificate Validation

6.0 /10