ID
VAR-201710-0668
CVE
CVE-2017-15361
TITLE
Infineon RSA library does not properly generate RSA key pairs
Trust: 0.8
DESCRIPTION
The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS. This vulnerability is often cited as "ROCA" in the media. Infineon Made RSA The library contains RSA There is a problem that does not generate the key pair properly. As a result, generated using this library RSA The private key corresponding to the public key may be obtained. Cryptographic issues (CWE-310) - CVE-2017-15361 Infineon Made RSA The library contains RSA There is a problem that does not generate the key pair properly. Using the library RSA When generating a key pair, a more efficient search method than the exhaustive key search can be applied. at least 2048 There is a possibility of obtaining a secret key with a key length of less than or equal to bits. This attack was generated by the library RSA It can be applied simply by obtaining a public key. In addition, this case RSA Problem with key generation ECC ( Elliptic curve cryptography ) Is not affected. Also generated by other devices and libraries RSA key Can also be used safely with this library. The library is Trusted Platform Modules (TPM) Or a smart card. Information on affected vendors is available on the developer's site. For details, refer to the information published by the discoverer. Developer site https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160 Information published by the discoverer https://crocs.fi.muni.cz/public/papers/rsa_ccs17Using the library RSA If a key is generated, there is a possibility that a private key may be obtained by a remote third party. An attacker could exploit this vulnerability to compromise the encryption protection mechanism. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03789en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03789en_us Version: 2 HPESBHF03789 rev.2 - Certain HPE Gen9 Systems with HP Trusted Platform Module v2.0 Option, Unauthorized Access to Data NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2017-10-18 Last Updated: 2017-10-17 Potential Security Impact: Local: Unauthorized Access to Data; Remote: Unauthorized Access to Data Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY A potential security vulnerability has been identified in the "HP Trusted Platform Module 2.0 Option" kit. This optional kit is available for HPE Gen9 systems with firmware version 5.51. The vulnerability in TPM firmware 5.51 is that new mathematical methods exist such that RSA keys generated by the TPM 2.0 with firmware 5.51 are cryptographically weakened. This vulnerability could lead to local and remote unauthorized access to data. References: - PSRT110605 - PSRT110598 - CVE-2017-15361 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. This is the Gen9 TPM 2.0 option (only Gen9 servers could have this option). The TPM 2.0 Option for Gen9 servers is not standard on Gen9 servers - - it is an option. - HP ProLiant BL460c Gen9 Server Blade n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant BL660c Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant DL120 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant DL160 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant DL360 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant DL380 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant DL388 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant DL580 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant DL60 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant DL80 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant ML110 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant ML150 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE Apollo 4200 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant DL180 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant DL180 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant DL20 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant DL560 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant ML10 Gen9 E3-1225 v5 3.3GHz 4-core 8GB-R 1TB Non-hot Plug 4LFF SATA 300W AP Svr/Promo n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant ML10 Gen9 E3-1225 v5 4GB-R 1TB Non-hot Plug 4LFF SATA 300W Svr/S-Buy n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 1TB Non-hot Plug 4LFF SATA 300W Perf Svr n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 2TB Non-hot Plug 4LFF SATA 300W Svr/GO n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 2TB Non-hot Plug 4LFF SATA 300W Svr/TV n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant ML10 Gen9 G4400 4GB-R Non-hot Plug 4LFF SATA 300W Entry Svr n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant ML30 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant ML350 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant ML350 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL170r Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL190r Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL230a Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL230a Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL250a Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL250a Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL260a Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL450 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL730f Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL730f Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL740f Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL740f Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL750f Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL750f Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2017-15361 7.4 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499 RESOLUTION HPE has provided both an updated system ROM, and updated TPM firmware to correct this issue for impacted systems. Update the system ROM and "HPE Trusted Platform Module 2.0 Option" to firmware version 5.62 or subsequent. The latest version of the System ROM is available, and must be updated before updating the TPM firmware. Use these instructions: 1.Click the following link: * <http://www.hpe.com/support/hpesc> 2.Enter a product name (e.g., "DL380 Gen9") in the text field under Enter a Product Name or Number. 3.Click Go. 4.Select the appropriate product model from the Results list (if prompted). 5.Click the "drivers, software & firmware" hyperlink under the Download Options tab. 6.Select the system's specific operating system from the Operating Systems dropdown menu. 7.Click the category BIOS - System ROM. 8.Select the latest release of HPE System ROM Version 2.50 (or later). 9.Click Download. The latest version of the TPM firmware is available. Use these instructions: 1.Click the following link: * <http://www.hpe.com/support/hpesc> 2.Enter a product name (e.g., "DL380 Gen9") in the text field under Enter a Product Name or Number. 3.Click Go. 4.Select the appropriate product model from the Results list (if prompted). 5.Click the "drivers, software & firmware" hyperlink under the Download Options tab. 6.Select the system's specific operating system from the Operating Systems dropdown menu. 7.Click the category Firmware. 8.Select the latest release of the HPE Trusted Platform Module 2.0 Option firmware update for HPE Gen9 Severs Version 5.62 (or later). 9.Click Download. **Note:** * After the firmware upgrade, the TPM will generate RSA keys using an improved algorithm. Revoking the weak TPM generated RSA keys will still be required. Refer to the OS documentation for OS-specific instructions. In addition, a System ROM update to version 2.50 (or later) is required before updating the TPM 2.0 firmware. * Please refer to the HPE *Customer Bulletin* as well: - **HPE ProLiant Gen9 Servers** - Potential Vulnerability in the HPE Trusted Platform Module 2.0 Option Firmware Version 5.51 for HPE ProLiant Gen9 Servers <http://h20565.www2.hpe.com/hpsc/doc/public/display?docId=a00028289en_us> HISTORY Version:1 (rev.1) - 16 October 2017 Initial release Version:2 (rev.2) - 17 October 2017 Added CVE reference Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJZ5k72AAoJELXhAxt7SZaiU4EIAKJK3i30Qui8Fqm7/Kr5R/oB UgW8kg/4EkbEpJ7ewQwjE2gaIMUmo6q2we+mpLU3/4T8+ZcZgxw7hDZqOrOn7V08 rzchXK1oLqdW9vu0BlWrUK6TTWHghW38nwqLHhmxuRavrVR4kYB+ctfFUS3vaSVd eQWBn6coSrkeToazgtvlPilChl1ygH4NITmLBXPnSbcp8U1yLhF+j0eUKLcZnR8l OMi65CVCNWCcSL3NV6x4NXvREmehKXGqgokGUe6rBWucU+A21W66GhsnhC5ysa4j SR8Ungf0W1QihfW3+Jijiu5hC7mrcZrGi+AZAvJDb4S5zvfM+hVUZNuEGa6nzVM= =KoaT -----END PGP SIGNATURE-----
Trust: 3.6
IOT TAXONOMY
| category: | ['ICS'] | sub_category: | - | Trust: 0.8 |
AFFECTED PRODUCTS
| vendor: | infineon | model: | trusted platform | scope: | eq | version: | 133.32 | Trust: 1.6 |
| vendor: | infineon | model: | trusted platform | scope: | eq | version: | 6.40 | Trust: 1.6 |
| vendor: | infineon | model: | trusted platform | scope: | eq | version: | 4.31 | Trust: 1.6 |
| vendor: | infineon | model: | trusted platform | scope: | eq | version: | 4.32 | Trust: 1.6 |
| vendor: | infineon | model: | rsa library | scope: | eq | version: | 1.02.013 | Trust: 1.2 |
| vendor: | infineon | model: | rsa library | scope: | lte | version: | 1.02.013 | Trust: 1.0 |
| vendor: | atos se | model: | - | scope: | - | version: | - | Trust: 0.8 |
| vendor: | dell | model: | - | scope: | - | version: | - | Trust: 0.8 |
| vendor: | fujitsu | model: | - | scope: | - | version: | - | Trust: 0.8 |
| vendor: | gemalto av | model: | - | scope: | - | version: | - | Trust: 0.8 |
| vendor: | model: | - | scope: | - | version: | - | Trust: 0.8 | |
| vendor: | hewlett packard | model: | - | scope: | - | version: | - | Trust: 0.8 |
| vendor: | infineon | model: | - | scope: | - | version: | - | Trust: 0.8 |
| vendor: | lenovo | model: | - | scope: | - | version: | - | Trust: 0.8 |
| vendor: | microsoft | model: | - | scope: | - | version: | - | Trust: 0.8 |
| vendor: | rubrik | model: | - | scope: | - | version: | - | Trust: 0.8 |
| vendor: | taglio | model: | - | scope: | - | version: | - | Trust: 0.8 |
| vendor: | winmagic | model: | - | scope: | - | version: | - | Trust: 0.8 |
| vendor: | yubico | model: | - | scope: | - | version: | - | Trust: 0.8 |
| vendor: | infineon | model: | rsa library | scope: | eq | version: | version 1.02.013 | Trust: 0.8 |
| vendor: | yubico | model: | yubikey 4c | scope: | eq | version: | 4.3.4 | Trust: 0.3 |
| vendor: | yubico | model: | yubikey 4c | scope: | eq | version: | 4.2.6 | Trust: 0.3 |
| vendor: | yubico | model: | yubikey nano | scope: | eq | version: | 44.3.4 | Trust: 0.3 |
| vendor: | yubico | model: | yubikey nano | scope: | eq | version: | 44.2.6 | Trust: 0.3 |
| vendor: | yubico | model: | yubikey | scope: | eq | version: | 44.3.4 | Trust: 0.3 |
| vendor: | yubico | model: | yubikey | scope: | eq | version: | 44.2.6 | Trust: 0.3 |
| vendor: | lenovo | model: | thinkpad yoga s1 | scope: | eq | version: | 2600 | Trust: 0.3 |
| vendor: | lenovo | model: | thinkpad yoga s3 | scope: | eq | version: | 144600 | Trust: 0.3 |
| vendor: | lenovo | model: | thinkpad yoga 11e | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | lenovo | model: | thinkpad | scope: | eq | version: | x2600 | Trust: 0.3 |
| vendor: | lenovo | model: | thinkpad tablet | scope: | eq | version: | x10 | Trust: 0.3 |
| vendor: | lenovo | model: | thinkpad carbon | scope: | eq | version: | x10 | Trust: 0.3 |
| vendor: | lenovo | model: | thinkpad t560 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | lenovo | model: | thinkpad t470p | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | lenovo | model: | thinkpad t460s | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | lenovo | model: | thinkpad p70 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | lenovo | model: | thinkpad p51 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | lenovo | model: | thinkpad p50s | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | lenovo | model: | thinkpad p50 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | lenovo | model: | thinkpad l570 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | lenovo | model: | thinkpad l560 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | lenovo | model: | thinkpad l470 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | lenovo | model: | thinkpad l460 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | lenovo | model: | thinkpad e565 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | lenovo | model: | thinkpad e560 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | lenovo | model: | thinkpad e465 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | lenovo | model: | thinkpad e460 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | lenovo | model: | thinkpad 11e | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | infineon | model: | rsa library | scope: | eq | version: | 1.2.13 | Trust: 0.3 |
| vendor: | hp | model: | trusted platform module option kit | scope: | eq | version: | 2.0 | Trust: 0.3 |
| vendor: | hp | model: | slb (tpm | scope: | eq | version: | 96702.0)0 | Trust: 0.3 |
| vendor: | hp | model: | slb (tpm | scope: | eq | version: | 96701.2)0 | Trust: 0.3 |
| vendor: | hp | model: | slb (tpm | scope: | eq | version: | 96652.0)0 | Trust: 0.3 |
| vendor: | hp | model: | slb (tpm | scope: | eq | version: | 96601.2)0 | Trust: 0.3 |
| vendor: | hp | model: | mobile workstation | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | hp | model: | mobile thin client and tablet | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | hp | model: | commercial notebook pc | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | model: | chrome os m63 | scope: | - | version: | - | Trust: 0.3 | |
| vendor: | model: | chrome os m62 | scope: | - | version: | - | Trust: 0.3 | |
| vendor: | model: | chrome os m61 | scope: | - | version: | - | Trust: 0.3 | |
| vendor: | gemalto | model: | idprime.net | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | fujitsu | model: | tpm 2.0 fw7.61 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | fujitsu | model: | tpm 2.0 fw7.00 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | fujitsu | model: | tpm 2.0 fw5.61 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | fujitsu | model: | tpm 2.0 fw5.00 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | fujitsu | model: | tpm 1.2 fw6.42 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | fujitsu | model: | tpm 1.2 fw6.00 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | fujitsu | model: | tpm 1.2 fw4.42 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | fujitsu | model: | tpm 1.2 fw4.40 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | fujitsu | model: | tpm 1.2 fw4.33 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | fujitsu | model: | tpm 1.2 fw4.00 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | fujitsu | model: | tpm 1.2 fw149.32 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | fujitsu | model: | tpm 1.2 fw133.32 | scope: | - | version: | - | Trust: 0.3 |
| vendor: | model: | chrome os m80 | scope: | ne | version: | - | Trust: 0.3 | |
| vendor: | trusted platform | model: | - | scope: | eq | version: | 4.31 | Trust: 0.2 |
| vendor: | trusted platform | model: | - | scope: | eq | version: | 4.32 | Trust: 0.2 |
| vendor: | trusted platform | model: | - | scope: | eq | version: | 6.40 | Trust: 0.2 |
| vendor: | trusted platform | model: | - | scope: | eq | version: | 133.32 | Trust: 0.2 |
| vendor: | rsa library | model: | - | scope: | eq | version: | * | Trust: 0.2 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-noinfo | Trust: 1.0 |
| problemtype: | CWE-310 | Trust: 0.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
encryption problem
Trust: 0.6
CONFIGURATIONS
EXPLOIT AVAILABILITY
PATCH
| title: | Information on TPM firmware update for Microsoft Windows systems as announced on Microsoft`s patchday on October 10th 2017 | url: | https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160 | Trust: 0.8 |
| title: | Security Alert 20171012 | url: | http://www.fujitsu.com/jp/products/software/resources/condition/security/vulnerabilities/2017/securityalert20171012.html | Trust: 0.8 |
| title: | Infineon RSA Library Encryption Security Bypass Vulnerability Patch | url: | https://www.cnvd.org.cn/patchInfo/show/105950 | Trust: 0.6 |
| title: | Infineon Trusted Platform Module Infineon RSA Repair measures for library security vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75565 | Trust: 0.6 |
| title: | The Register | url: | https://www.theregister.co.uk/2017/10/23/roca_crypto_flaw_gemalto/ | Trust: 0.2 |
| title: | The Register | url: | https://www.theregister.co.uk/2017/10/16/roca_crypto_vuln_infineon_chips/ | Trust: 0.2 |
| title: | HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBPI03583 rev. 1 - ROCA - Vulnerable RSA Generation: HP Trusted Platform Module (TPM) Accessory and Certain HP Enterprise Printer and MFP Products, Certain HP PageWide Printer and MFP Products with Standard TPM | url: | https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=d442339efd5a6d4834ac93a8dc07c35d | Trust: 0.1 |
| title: | HP: HPSBHF03568 rev. 11 - Infineon TPM Security Update | url: | https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=HPSBHF03568 | Trust: 0.1 |
| title: | HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBHF03568 rev. 11 - Infineon TPM Security Update | url: | https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=ca9eba9c5c56724cf0dd05e2bbff5dc4 | Trust: 0.1 |
| title: | HP: HPSBPI03583 rev. 1 - ROCA - Vulnerable RSA Generation: HP Trusted Platform Module (TPM) Accessory and Certain HP Enterprise Printer and MFP Products, Certain HP PageWide Printer and MFP Products with Standard TPM | url: | https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=HPSBPI03583 | Trust: 0.1 |
| title: | HP: SUPPORT COMMUNICATION- SECURITY BULLETIN HPSBHF03568 rev. 11 - Infineon TPM Security Update | url: | https://vulmon.com/vendoradvisory?qidtp=hp_bulletin&qid=03aca358debd7682b3b457bbf62087d3 | Trust: 0.1 |
| title: | Infineon-CVE-2017-15361 | url: | https://github.com/lva/Infineon-CVE-2017-15361 | Trust: 0.1 |
| title: | RocaCmTest | url: | https://github.com/jnpuskar/RocaCmTest | Trust: 0.1 |
| title: | zeek-plugin-roca | url: | https://github.com/0xxon/bro-plugin-roca | Trust: 0.1 |
| title: | Detect-CVE-2017-15361-TPM | url: | https://github.com/nsacyber/Detect-CVE-2017-15361-TPM | Trust: 0.1 |
| title: | cedarkey | url: | https://github.com/nuclearcat/cedarkey | Trust: 0.1 |
| title: | roca | url: | https://github.com/brunoproduit/roca | Trust: 0.1 |
| title: | zeek-plugin-roca | url: | https://github.com/0xxon/zeek-plugin-roca | Trust: 0.1 |
| title: | tpm-firmware | url: | https://github.com/fishilico/tpm-firmware | Trust: 0.1 |
| title: | - | url: | https://github.com/google/paranoid_crypto | Trust: 0.1 |
| title: | Exp101tsArchiv30thers | url: | https://github.com/nu11secur1ty/Exp101tsArchiv30thers | Trust: 0.1 |
| title: | awesome-cve-poc_qazbnm456 | url: | https://github.com/xbl3/awesome-cve-poc_qazbnm456 | Trust: 0.1 |
| title: | BleepingComputer | url: | https://www.bleepingcomputer.com/news/security/microsoft-warns-of-windows-hello-for-business-orphaned-key-risks/ | Trust: 0.1 |
| title: | Threatpost | url: | https://threatpost.com/factorization-flaw-in-tpm-chips-makes-attacks-on-rsa-private-keys-feasible/128474/ | Trust: 0.1 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2017-15361 | Trust: 3.8 |
| db: | CERT/CC | id: | VU#307015 | Trust: 3.7 |
| db: | BID | id: | 101484 | Trust: 2.7 |
| db: | LENOVO | id: | LEN-15552 | Trust: 2.1 |
| db: | SIEMENS | id: | SSA-470231 | Trust: 1.8 |
| db: | ICS CERT | id: | ICSA-18-058-01 | Trust: 1.8 |
| db: | CNNVD | id: | CNNVD-201710-558 | Trust: 0.9 |
| db: | ICS CERT | id: | ICSA-18-058-01A | Trust: 0.9 |
| db: | CNVD | id: | CNVD-2017-33657 | Trust: 0.8 |
| db: | JVN | id: | JVNVU95530052 | Trust: 0.8 |
| db: | JVNDB | id: | JVNDB-2017-008423 | Trust: 0.8 |
| db: | IVD | id: | 0E0DF457-AAB1-4879-A7C8-5371086A00D5 | Trust: 0.2 |
| db: | PACKETSTORM | id: | 144646 | Trust: 0.2 |
| db: | SEEBUG | id: | SSVID-99005 | Trust: 0.1 |
| db: | VULHUB | id: | VHN-106176 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2017-15361 | Trust: 0.1 |
REFERENCES
| url: | https://crocs.fi.muni.cz/public/papers/rsa_ccs17 | Trust: 3.4 |
| url: | https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirid=59160 | Trust: 3.4 |
| url: | https://www.kb.cert.org/vuls/id/307015 | Trust: 3.0 |
| url: | http://support.lenovo.com/us/en/product_security/len-15552 | Trust: 2.9 |
| url: | https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv170012 | Trust: 2.9 |
| url: | https://github.com/crocs-muni/roca | Trust: 2.6 |
| url: | https://blog.cr.yp.to/20171105-infineon.html | Trust: 2.6 |
| url: | https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update | Trust: 2.6 |
| url: | http://www.securityfocus.com/bid/101484 | Trust: 1.8 |
| url: | https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf | Trust: 1.8 |
| url: | https://security.netapp.com/advisory/ntap-20171024-0001/ | Trust: 1.8 |
| url: | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html | Trust: 1.8 |
| url: | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html | Trust: 1.8 |
| url: | https://www.yubico.com/support/security-advisories/ysa-2017-01/ | Trust: 1.8 |
| url: | https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/ | Trust: 1.8 |
| url: | https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/ | Trust: 1.8 |
| url: | https://github.com/iadgov/detect-cve-2017-15361-tpm | Trust: 1.8 |
| url: | https://ics-cert.us-cert.gov/advisories/icsa-18-058-01 | Trust: 1.8 |
| url: | https://keychest.net/roca | Trust: 1.8 |
| url: | https://monitor.certipath.com/rsatest | Trust: 1.8 |
| url: | https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03801en_us | Trust: 1.7 |
| url: | https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03789en_us | Trust: 1.7 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2017-15361 | Trust: 1.5 |
| url: | https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03789en_us | Trust: 0.9 |
| url: | https://crocs.fi.muni.cz/_media/public/papers/nemec_roca_ccs17_preprint.pdf | Trust: 0.8 |
| url: | http://cwe.mitre.org/data/definitions/310.html | Trust: 0.8 |
| url: | http://www.dell.com/support/article/us/en/19/sln307820/ | Trust: 0.8 |
| url: | http://www.fujitsu.com/global/support/products/software/security/products-f/ifsa-201701e.html | Trust: 0.8 |
| url: | https://safenet.gemalto.com/technical-support/security-updates/ | Trust: 0.8 |
| url: | https://support.rubrik.com/articles/how_to/000001116 | Trust: 0.8 |
| url: | https://www.yubico.com/keycheck/ | Trust: 0.8 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15361 | Trust: 0.8 |
| url: | https://www.us-cert.gov/ics/advisories/icsa-18-058-01a | Trust: 0.8 |
| url: | http://jvn.jp/vu/jvnvu95530052/ | Trust: 0.8 |
| url: | https://www.infineon.com/ | Trust: 0.3 |
| url: | https://support.hp.com/us-en/document/c05792935 | Trust: 0.3 |
| url: | https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03789en_us | Trust: 0.1 |
| url: | https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us&docid=emr_na-hpesbhf03801en_us | Trust: 0.1 |
| url: | https://cwe.mitre.org/data/definitions/.html | Trust: 0.1 |
| url: | https://github.com/lva/infineon-cve-2017-15361 | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
| url: | https://ics-cert.us-cert.gov/advisories/icsa-18-058-01a | Trust: 0.1 |
| url: | http://h20565.www2.hpe.com/hpsc/doc/public/display?docid=a00028289en_us> | Trust: 0.1 |
| url: | http://www.hpe.com/support/security_bulletin_archive | Trust: 0.1 |
| url: | https://www.hpe.com/info/report-security-vulnerability | Trust: 0.1 |
| url: | http://www.hpe.com/support/subscriber_choice | Trust: 0.1 |
| url: | http://www.hpe.com/support/hpesc> | Trust: 0.1 |
| url: | https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499 | Trust: 0.1 |
CREDITS
Matus Nemec, Marek Sys, Petr Svenda, Dusan Klinec, and Vashek Matyas.
Trust: 0.3
SOURCES
| db: | IVD | id: | 0e0df457-aab1-4879-a7c8-5371086a00d5 |
| db: | CERT/CC | id: | VU#307015 |
| db: | CNVD | id: | CNVD-2017-33657 |
| db: | VULHUB | id: | VHN-106176 |
| db: | VULMON | id: | CVE-2017-15361 |
| db: | BID | id: | 101484 |
| db: | JVNDB | id: | JVNDB-2017-008423 |
| db: | PACKETSTORM | id: | 144646 |
| db: | CNNVD | id: | CNNVD-201710-558 |
| db: | NVD | id: | CVE-2017-15361 |
LAST UPDATE DATE
2024-11-23T22:38:24.456000+00:00
SOURCES UPDATE DATE
| db: | CERT/CC | id: | VU#307015 | date: | 2017-11-08T00:00:00 |
| db: | CNVD | id: | CNVD-2017-33657 | date: | 2017-11-13T00:00:00 |
| db: | VULHUB | id: | VHN-106176 | date: | 2019-10-03T00:00:00 |
| db: | VULMON | id: | CVE-2017-15361 | date: | 2019-10-03T00:00:00 |
| db: | BID | id: | 101484 | date: | 2017-10-23T20:04:00 |
| db: | JVNDB | id: | JVNDB-2017-008423 | date: | 2019-07-09T00:00:00 |
| db: | CNNVD | id: | CNNVD-201710-558 | date: | 2019-10-23T00:00:00 |
| db: | NVD | id: | CVE-2017-15361 | date: | 2024-11-21T03:14:32.883 |
SOURCES RELEASE DATE
| db: | IVD | id: | 0e0df457-aab1-4879-a7c8-5371086a00d5 | date: | 2017-11-13T00:00:00 |
| db: | CERT/CC | id: | VU#307015 | date: | 2017-10-16T00:00:00 |
| db: | CNVD | id: | CNVD-2017-33657 | date: | 2017-11-13T00:00:00 |
| db: | VULHUB | id: | VHN-106176 | date: | 2017-10-16T00:00:00 |
| db: | VULMON | id: | CVE-2017-15361 | date: | 2017-10-16T00:00:00 |
| db: | BID | id: | 101484 | date: | 2017-10-16T00:00:00 |
| db: | JVNDB | id: | JVNDB-2017-008423 | date: | 2017-10-18T00:00:00 |
| db: | PACKETSTORM | id: | 144646 | date: | 2017-10-17T15:22:22 |
| db: | CNNVD | id: | CNNVD-201710-558 | date: | 2017-10-19T00:00:00 |
| db: | NVD | id: | CVE-2017-15361 | date: | 2017-10-16T17:29:00.243 |