Vulnerability Details CVE-2017-15361
The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.734
EPSS Ranking 98.7%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 4.3
References
- http://support.lenovo.com/us/en/product_security/LEN-15552
- http://www.securityfocus.com/bid/101484
- https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/
- https://blog.cr.yp.to/20171105-infineon.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf
- https://crocs.fi.muni.cz/public/papers/rsa_ccs17
- https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/
- https://github.com/crocs-muni/roca
- https://github.com/iadgov/Detect-CVE-2017-15361-TPM
- https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01
- https://keychest.net/roca
- https://monitor.certipath.com/rsatest
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012
- https://security.netapp.com/advisory/ntap-20171024-0001/
- https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03789en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03801en_us
- https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html
- https://www.kb.cert.org/vuls/id/307015
- https://www.yubico.com/support/security-advisories/ysa-2017-01/
- http://support.lenovo.com/us/en/product_security/LEN-15552
- http://www.securityfocus.com/bid/101484
- https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/
- https://blog.cr.yp.to/20171105-infineon.html
- https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf
- https://crocs.fi.muni.cz/public/papers/rsa_ccs17
- https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/
- https://github.com/crocs-muni/roca
- https://github.com/iadgov/Detect-CVE-2017-15361-TPM
- https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01
- https://keychest.net/roca
- https://monitor.certipath.com/rsatest
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012
- https://security.netapp.com/advisory/ntap-20171024-0001/
- https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03789en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03801en_us
- https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html
- https://www.kb.cert.org/vuls/id/307015
- https://www.yubico.com/support/security-advisories/ysa-2017-01/
Products affected by CVE-2017-15361
-
cpe:2.3:a:infineon:rsa_library:1.02.013
-
cpe:2.3:h:acer:c720_chromebook:-
-
cpe:2.3:h:acer:chromebase:-
-
cpe:2.3:h:acer:chromebase_24:-
-
cpe:2.3:h:acer:chromebook_11_c730:-
-
cpe:2.3:h:acer:chromebook_11_c730e:-
-
cpe:2.3:h:acer:chromebook_11_c735:-
-
cpe:2.3:h:acer:chromebook_11_c740:-
-
cpe:2.3:h:acer:chromebook_11_c771:-
-
cpe:2.3:h:acer:chromebook_11_c771t:-
-
cpe:2.3:h:acer:chromebook_11_n7_c731:-
-
cpe:2.3:h:acer:chromebook_13_cb5-311:-
-
cpe:2.3:h:acer:chromebook_14_cb3-431:-
-
cpe:2.3:h:acer:chromebook_14_for_work_cp5-471:-
-
cpe:2.3:h:acer:chromebook_15_cb3-531:-
-
cpe:2.3:h:acer:chromebook_15_cb3-532:-
-
cpe:2.3:h:acer:chromebook_15_cb5-571:-
-
cpe:2.3:h:acer:chromebook_r11:-
-
cpe:2.3:h:acer:chromebook_r13_cb5-312t:-
-
cpe:2.3:h:acer:chromebox:-
-
cpe:2.3:h:acer:chromebox_cxi2:-
-
cpe:2.3:h:aopen:chromebase:-
-
cpe:2.3:h:aopen:chromebox:-
-
cpe:2.3:h:aopen:chromeboxi:-
-
cpe:2.3:h:asi:chromebook:-
-
cpe:2.3:h:asus:chromebit_cs10:-
-
cpe:2.3:h:asus:chromebook_c200:-
-
cpe:2.3:h:asus:chromebook_c201pa:-
-
cpe:2.3:h:asus:chromebook_c202sa:-
-
cpe:2.3:h:asus:chromebook_c300:-
-
cpe:2.3:h:asus:chromebook_c300sa:-
-
cpe:2.3:h:asus:chromebook_c301sa:-
-
cpe:2.3:h:asus:chromebook_flip_c100pa:-
-
cpe:2.3:h:asus:chromebook_flip_c302:-
-
cpe:2.3:h:asus:chromebox_cn60:-
-
cpe:2.3:h:asus:chromebox_cn62:-
-
cpe:2.3:h:bobicus:chromebook_11:-
-
cpe:2.3:h:ctl:j2_chromebook:-
-
cpe:2.3:h:ctl:j4_chromebook:-
-
cpe:2.3:h:ctl:j5_chromebook:-
-
cpe:2.3:h:ctl:n6_chromebook:-
-
cpe:2.3:h:ctl:nl61_chromebook:-
-
cpe:2.3:h:dell:chromebook_11:-
-
cpe:2.3:h:dell:chromebook_11_3120:-
-
cpe:2.3:h:dell:chromebook_11_3189:-
-
cpe:2.3:h:dell:chromebook_11_model_3180:-
-
cpe:2.3:h:dell:chromebook_13_3380:-
-
cpe:2.3:h:dell:chromebox:-
-
cpe:2.3:h:edugear:chromebook_k:-
-
cpe:2.3:h:edugear:chromebook_m:-
-
cpe:2.3:h:edugear:chromebook_r:-
-
cpe:2.3:h:edugear:cmt_chromebook:-
-
cpe:2.3:h:edxis:chromebook:-
-
cpe:2.3:h:edxis:education_chromebook:-
-
cpe:2.3:h:epik:chromebook_elb1101:-
-
cpe:2.3:h:google:pixel:-
-
cpe:2.3:h:haier:chromebook_11:-
-
cpe:2.3:h:haier:chromebook_11_c:-
-
cpe:2.3:h:haier:chromebook_11_g2:-
-
cpe:2.3:h:haier:chromebook_11e:-
-
cpe:2.3:h:hexa:chromebook_pi:-
-
cpe:2.3:h:hisense:chromebook_11:-
-
cpe:2.3:h:hp:chromebook:-
-
cpe:2.3:h:hp:chromebook_11-vxxx:-
-
cpe:2.3:h:hp:chromebook_11_1100-1199:-
-
cpe:2.3:h:hp:chromebook_11_2000-2099:-
-
cpe:2.3:h:hp:chromebook_11_2100-2199:-
-
cpe:2.3:h:hp:chromebook_11_2200-2299:-
-
cpe:2.3:h:hp:chromebook_11_g1:-
-
cpe:2.3:h:hp:chromebook_11_g2:-
-
cpe:2.3:h:hp:chromebook_11_g3:-
-
cpe:2.3:h:hp:chromebook_11_g4/g4_ee:-
-
cpe:2.3:h:hp:chromebook_11_g5:-
-
cpe:2.3:h:hp:chromebook_11_g5_ee:-
-
cpe:2.3:h:hp:chromebook_13_g1:-
-
cpe:2.3:h:hp:chromebook_14:-
-
cpe:2.3:h:hp:chromebook_14_ak000-099:-
-
cpe:2.3:h:hp:chromebook_14_g3:-
-
cpe:2.3:h:hp:chromebook_14_g4:-
-
cpe:2.3:h:hp:chromebook_14_x000-x999:-
-
cpe:2.3:h:hp:chromebox_cb1-(000-099):-
-
cpe:2.3:h:hp:chromebox_g1:-
-
cpe:2.3:h:lenovo:100s_chromebook:-
-
cpe:2.3:h:lenovo:n20_chromebook:-
-
cpe:2.3:h:lenovo:n21_chromebook:-
-
cpe:2.3:h:lenovo:n22_chromebook:-
-
cpe:2.3:h:lenovo:n23_chromebook:-
-
cpe:2.3:h:lenovo:n23_flex_11_chromebook:-
-
cpe:2.3:h:lenovo:n23_yoga_11_chromebook:-
-
cpe:2.3:h:lenovo:n42_chromebook:-
-
cpe:2.3:h:lenovo:thinkcentre_chromebox:-
-
cpe:2.3:h:lenovo:thinkpad_11e_chromebook:-
-
cpe:2.3:h:lenovo:thinkpad_13_chromebook:-
-
cpe:2.3:h:lg:chromebase_22cb25s:-
-
cpe:2.3:h:lg:chromebase_22cv241:-
-
cpe:2.3:h:medion:akoya_s2013:-
-
cpe:2.3:h:medion:chromebook_s2015:-
-
cpe:2.3:h:mercer:chromebook:-
-
cpe:2.3:h:mercer:v2_chromebook:-
-
cpe:2.3:h:ncomputing:chromebook_cx100:-
-
cpe:2.3:h:nexian:chromebook:-
-
cpe:2.3:h:pcmerge:chromebook_pcm-116t-432b:-
-
cpe:2.3:h:poin2:chromebook_11:-
-
cpe:2.3:h:poin2:chromebook_14:-
-
cpe:2.3:h:positivo:chromebook_ch1190:-
-
cpe:2.3:h:prowise:entry_line_chromebook:-
-
cpe:2.3:h:prowise:proline_chromebook:-
-
cpe:2.3:h:rgs:education_chromebook:-
-
cpe:2.3:h:samsung:chromebook_2_11:-
-
cpe:2.3:h:samsung:chromebook_2_11_xe500c12:-
-
cpe:2.3:h:samsung:chromebook_2_13:-
-
cpe:2.3:h:samsung:chromebook_3:-
-
cpe:2.3:h:samsung:chromebook_plus:-
-
cpe:2.3:h:samsung:chromebook_pro:-
-
cpe:2.3:h:sector-five:e1_rugged_chromebook:-
-
cpe:2.3:h:senkatel:c1101_chromebook:-
-
cpe:2.3:h:toshiba:chromebook:-
-
cpe:2.3:h:toshiba:chromebook_2:-
-
cpe:2.3:h:true:idc_chromebook:-
-
cpe:2.3:h:true:idc_chromebook_11:-
-
cpe:2.3:h:videonet:chromebook:-
-
cpe:2.3:h:videonet:chromebook_bl10:-
-
cpe:2.3:h:viglen:chromebook_11:-
-
cpe:2.3:h:viglen:chromebook_360:-
-
cpe:2.3:h:xolo:chromebook:-
-
cpe:2.3:o:infineon:trusted_platform_firmware:133.32
-
cpe:2.3:o:infineon:trusted_platform_firmware:4.31
-
cpe:2.3:o:infineon:trusted_platform_firmware:4.32
-
cpe:2.3:o:infineon:trusted_platform_firmware:6.40