ID

VAR-201807-0270


CVE

CVE-2017-3226


TITLE

Das U-Boot AES-CBC encryption implementation contains multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#166743

DESCRIPTION

Das U-Boot is a device bootloader that can read its configuration from an AES-encrypted file. Devices that use Das U-Boot's AES-CBC environment encryption feature (i.e., that set the configuration parameter CONFIG_ENV_AES=y) read environment variables from disk as the encrypted disk image is processed. An attacker with physical access to the device can manipulate the encrypted environment data to include a crafted two-byte sequence that triggers an error in environment variable parsing. Das U-Boot handles this error condition improperly, resulting in immediate process termination with a debugging message. For devices using this environment encryption mode, U-Boot's use of a zero initialization vector and its improper handling of the error condition may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt the data. Multiple vulnerabilities exist in Das U-Boot's AES-CBC encryption implementation. The initialization vector used in CBC mode is not random (CWE-329), CVE-2017-3225: Das U-Boot's AES-CBC encryption uses an initialization vector of 0. An attacker may be able to obtain information by performing a dictionary attack on encrypted data created by Das U-Boot. As a result, an attacker with access to the device may be able to decrypt the content on the device or possibly tamper with it. An attacker can exploit these issues to gain access to sensitive information or perform certain unauthorized actions; this may lead to further attacks.

Trust: 2.61

sources: NVD: CVE-2017-3226 // CERT/CC: VU#166743 // JVNDB: JVNDB-2017-010588 // BID: 100675

AFFECTED PRODUCTS

vendor: denx, model: u-boot, scope: lt, version: 2017.09

Trust: 1.0

vendor: denx engineering, model: u-boot, scope: -, version: -

Trust: 0.8

vendor: u boot, model: das u-boot, scope: eq, version: 0

Trust: 0.3

sources: BID: 100675 // JVNDB: JVNDB-2017-010588 // NVD: CVE-2017-3226

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-3226
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2017-010588
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201709-517
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2017-3226
severity: MEDIUM
baseScore: 4.4
vectorString: AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2017-010588
severity: MEDIUM
baseScore: 5.6
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:N
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2017-3226
baseSeverity: MEDIUM
baseScore: 6.4
vectorString: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.5
impactScore: 5.9
version: 3.0

Trust: 1.0

IPA: JVNDB-2017-010588
baseSeverity: MEDIUM
baseScore: 5.7
vectorString: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: PHYSICAL
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2017-010588 // CNNVD: CNNVD-201709-517 // NVD: CVE-2017-3226

PROBLEMTYPE DATA

problemtype:CWE-329

Trust: 1.8

problemtype:CWE-310

Trust: 1.0

problemtype:CWE-208

Trust: 0.8

sources: JVNDB: JVNDB-2017-010588 // NVD: CVE-2017-3226

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201709-517

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201709-517

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010588

PATCH

title: env: Migrate CONFIG_ENV_AES to Kconfig and deprecate
url: http://git.denx.de/?p=u-boot.git;a=commit;h=5eb35220b2cbeac79af8d73c696f5930a755c5bd

Trust: 0.8

sources: JVNDB: JVNDB-2017-010588

EXTERNAL IDS

db: CERT/CC, id: VU#166743

Trust: 3.5

db: NVD, id: CVE-2017-3226

Trust: 2.7

db: BID, id: 100675

Trust: 1.9

db: JVN, id: JVNVU96769287

Trust: 0.8

db: JVNDB, id: JVNDB-2017-010588

Trust: 0.8

db: CNNVD, id: CNNVD-201709-517

Trust: 0.6

sources: CERT/CC: VU#166743 // BID: 100675 // JVNDB: JVNDB-2017-010588 // CNNVD: CNNVD-201709-517 // NVD: CVE-2017-3226

REFERENCES

url:https://www.kb.cert.org/vuls/id/166743

Trust: 2.7

url:http://www.securityfocus.com/bid/100675

Trust: 1.6

url:https://cwe.mitre.org/data/definitions/208.html

Trust: 0.8

url:http://cwe.mitre.org/data/definitions/329.html

Trust: 0.8

url:http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2017-444.htm

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3225

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3226

Trust: 0.8

url:http://jvn.jp/vu/jvnvu96769287/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-3225

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-3226

Trust: 0.8

url:https://www.denx.de/wiki/u-boot/webhome

Trust: 0.3

sources: CERT/CC: VU#166743 // BID: 100675 // JVNDB: JVNDB-2017-010588 // CNNVD: CNNVD-201709-517 // NVD: CVE-2017-3226

CREDITS

Allan Xavier

Trust: 0.9

sources: BID: 100675 // CNNVD: CNNVD-201709-517

SOURCES

db: CERT/CC, id: VU#166743
db: BID, id: 100675
db: JVNDB, id: JVNDB-2017-010588
db: CNNVD, id: CNNVD-201709-517
db: NVD, id: CVE-2017-3226

LAST UPDATE DATE

2024-11-23T22:26:17.354000+00:00


SOURCES UPDATE DATE

db: CERT/CC, id: VU#166743, date: 2017-10-12T00:00:00
db: BID, id: 100675, date: 2017-09-08T00:00:00
db: JVNDB, id: JVNDB-2017-010588, date: 2019-07-24T00:00:00
db: CNNVD, id: CNNVD-201709-517, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2017-3226, date: 2024-11-21T03:25:04.597

SOURCES RELEASE DATE

db: CERT/CC, id: VU#166743, date: 2017-09-08T00:00:00
db: BID, id: 100675, date: 2017-09-08T00:00:00
db: JVNDB, id: JVNDB-2017-010588, date: 2017-12-20T00:00:00
db: CNNVD, id: CNNVD-201709-517, date: 2017-09-18T00:00:00
db: NVD, id: CVE-2017-3226, date: 2018-07-24T15:29:00.983