Vulnerability Details CVE-2017-16242
An issue was discovered on MECO USB Memory Stick with Fingerprint MECOZiolsamDE601 devices. The fingerprint authentication requirement for data access can be bypassed. An attacker with physical access can send a static packet to a serial port exposed on the PCB to unlock the key and get access to the data without possessing the required fingerprint.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 19.7%
CVSS Severity
CVSS v3 Score 6.8
CVSS v2 Score 7.2
References
- https://gist.github.com/audebert/ef6e206a27ededd1386cff48604e9335
- https://www.blackhat.com/docs/us-17/thursday/us-17-Picod-Attacking-Encrypted-USB-Keys-The-Hard%28ware%29-Way.pdf
- https://www.blackhat.com/us-17/briefings/schedule/index.html#attacking-encrypted-usb-keys-the-hardware-way-7443
- https://www.elie.net/talk/attacking-encrypted-usb-keys-the-hardware-way
- https://gist.github.com/audebert/ef6e206a27ededd1386cff48604e9335
- https://www.blackhat.com/docs/us-17/thursday/us-17-Picod-Attacking-Encrypted-USB-Keys-The-Hard%28ware%29-Way.pdf
- https://www.blackhat.com/us-17/briefings/schedule/index.html#attacking-encrypted-usb-keys-the-hardware-way-7443
- https://www.elie.net/talk/attacking-encrypted-usb-keys-the-hardware-way
Products affected by CVE-2017-16242
-
cpe:2.3:h:meco:usb_memory_stick_with_fingerprint:-
-
cpe:2.3:o:meco:usb_memory_stick_with_fingerprint_firwmare:-