var-201710-0668
Vulnerability from variot
The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS. This vulnerability is often cited as "ROCA" in the media. Infineon Made RSA The library contains RSA There is a problem that does not generate the key pair properly. As a result, generated using this library RSA The private key corresponding to the public key may be obtained. Cryptographic issues (CWE-310) - CVE-2017-15361 Infineon Made RSA The library contains RSA There is a problem that does not generate the key pair properly. Using the library RSA When generating a key pair, a more efficient search method than the exhaustive key search can be applied. at least 2048 There is a possibility of obtaining a secret key with a key length of less than or equal to bits. This attack was generated by the library RSA It can be applied simply by obtaining a public key. In addition, this case RSA Problem with key generation ECC ( Elliptic curve cryptography ) Is not affected. Also generated by other devices and libraries RSA key Can also be used safely with this library. The library is Trusted Platform Modules (TPM) Or a smart card. Information on affected vendors is available on the developer's site. For details, refer to the information published by the discoverer. Developer site https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160 Information published by the discoverer https://crocs.fi.muni.cz/public/papers/rsa_ccs17Using the library RSA If a key is generated, there is a possibility that a private key may be obtained by a remote third party. An attacker could exploit this vulnerability to compromise the encryption protection mechanism. Attackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03789en_us
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: hpesbhf03789en_us Version: 2
HPESBHF03789 rev.2 - Certain HPE Gen9 Systems with HP Trusted Platform Module v2.0 Option, Unauthorized Access to Data
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2017-10-18 Last Updated: 2017-10-17
Potential Security Impact: Local: Unauthorized Access to Data; Remote: Unauthorized Access to Data
Source: Hewlett Packard Enterprise, Product Security Response Team
VULNERABILITY SUMMARY A potential security vulnerability has been identified in the "HP Trusted Platform Module 2.0 Option" kit. This optional kit is available for HPE Gen9 systems with firmware version 5.51. The vulnerability in TPM firmware 5.51 is that new mathematical methods exist such that RSA keys generated by the TPM 2.0 with firmware 5.51 are cryptographically weakened. This vulnerability could lead to local and remote unauthorized access to data.
References:
- PSRT110605
- PSRT110598
- CVE-2017-15361
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. This is the Gen9 TPM 2.0 option (only Gen9 servers could have this option). The TPM 2.0 Option for Gen9 servers is not standard on Gen9 servers - - it is an option. - HP ProLiant BL460c Gen9 Server Blade n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant BL660c Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant DL120 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant DL160 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant DL360 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant DL380 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant DL388 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant DL580 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant DL60 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant DL80 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant ML110 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HP ProLiant ML150 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE Apollo 4200 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant DL180 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant DL180 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant DL20 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant DL560 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant ML10 Gen9 E3-1225 v5 3.3GHz 4-core 8GB-R 1TB Non-hot Plug 4LFF SATA 300W AP Svr/Promo n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant ML10 Gen9 E3-1225 v5 4GB-R 1TB Non-hot Plug 4LFF SATA 300W Svr/S-Buy n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 1TB Non-hot Plug 4LFF SATA 300W Perf Svr n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 2TB Non-hot Plug 4LFF SATA 300W Svr/GO n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 2TB Non-hot Plug 4LFF SATA 300W Svr/TV n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant ML10 Gen9 G4400 4GB-R Non-hot Plug 4LFF SATA 300W Entry Svr n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant ML30 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant ML350 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant ML350 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL170r Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL190r Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL230a Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL230a Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL250a Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL250a Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL260a Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL450 Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL730f Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL730f Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL740f Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL740f Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL750f Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed. - HPE ProLiant XL750f Gen9 Server n/a - only if "HPE Trusted Platform Module 2.0 Kit" w/ FW version 5.51 is installed.
BACKGROUND
CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector
CVE-2017-15361
7.4 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C)
Information on CVSS is documented in
HPE Customer Notice HPSN-2008-002 here:
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499
RESOLUTION
HPE has provided both an updated system ROM, and updated TPM firmware to correct this issue for impacted systems. Update the system ROM and "HPE Trusted Platform Module 2.0 Option" to firmware version 5.62 or subsequent.
The latest version of the System ROM is available, and must be updated before updating the TPM firmware. Use these instructions:
1.Click the following link:
2.Enter a product name (e.g., "DL380 Gen9") in the text field under Enter a
Product Name or Number.
3.Click Go.
4.Select the appropriate product model from the Results list (if prompted).
5.Click the "drivers, software & firmware" hyperlink under the Download
Options tab.
6.Select the system's specific operating system from the Operating Systems
dropdown menu.
7.Click the category BIOS - System ROM.
8.Select the latest release of HPE System ROM Version 2.50 (or later).
9.Click Download.
The latest version of the TPM firmware is available. Use these instructions:
1.Click the following link:
2.Enter a product name (e.g., "DL380 Gen9") in the text field under Enter a
Product Name or Number.
3.Click Go.
4.Select the appropriate product model from the Results list (if prompted).
5.Click the "drivers, software & firmware" hyperlink under the Download
Options tab.
6.Select the system's specific operating system from the Operating Systems
dropdown menu.
7.Click the category Firmware.
8.Select the latest release of the HPE Trusted Platform Module 2.0 Option
firmware update for HPE Gen9 Severs Version 5.62 (or later).
9.Click Download.
Note:
-
After the firmware upgrade, the TPM will generate RSA keys using an improved algorithm. Revoking the weak TPM generated RSA keys will still be required. Refer to the OS documentation for OS-specific instructions. In addition, a System ROM update to version 2.50 (or later) is required before updating the TPM 2.0 firmware.
-
Please refer to the HPE Customer Bulletin as well:
-
HPE ProLiant Gen9 Servers - Potential Vulnerability in the HPE Trusted Platform Module 2.0 Option Firmware Version 5.51 for HPE ProLiant Gen9 Servers http://h20565.www2.hpe.com/hpsc/doc/public/display?docId=a00028289en_us
HISTORY
Version:1 (rev.1) - 16 October 2017 Initial release
Version:2 (rev.2) - 17 October 2017 Added CVE reference
Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com.
Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com
Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB.
3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX
Copyright 2016 Hewlett Packard Enterprise
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEcBAEBCAAGBQJZ5k72AAoJELXhAxt7SZaiU4EIAKJK3i30Qui8Fqm7/Kr5R/oB UgW8kg/4EkbEpJ7ewQwjE2gaIMUmo6q2we+mpLU3/4T8+ZcZgxw7hDZqOrOn7V08 rzchXK1oLqdW9vu0BlWrUK6TTWHghW38nwqLHhmxuRavrVR4kYB+ctfFUS3vaSVd eQWBn6coSrkeToazgtvlPilChl1ygH4NITmLBXPnSbcp8U1yLhF+j0eUKLcZnR8l OMi65CVCNWCcSL3NV6x4NXvREmehKXGqgokGUe6rBWucU+A21W66GhsnhC5ysa4j SR8Ungf0W1QihfW3+Jijiu5hC7mrcZrGi+AZAvJDb4S5zvfM+hVUZNuEGa6nzVM= =KoaT -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-0668",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "trusted platform",
"scope": "eq",
"trust": 1.6,
"vendor": "infineon",
"version": "133.32"
},
{
"model": "trusted platform",
"scope": "eq",
"trust": 1.6,
"vendor": "infineon",
"version": "6.40"
},
{
"model": "trusted platform",
"scope": "eq",
"trust": 1.6,
"vendor": "infineon",
"version": "4.31"
},
{
"model": "trusted platform",
"scope": "eq",
"trust": 1.6,
"vendor": "infineon",
"version": "4.32"
},
{
"model": "rsa library",
"scope": "eq",
"trust": 1.2,
"vendor": "infineon",
"version": "1.02.013"
},
{
"model": "rsa library",
"scope": "lte",
"trust": 1.0,
"vendor": "infineon",
"version": "1.02.013"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "atos se",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "dell",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "gemalto av",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "google",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "hewlett packard",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "infineon",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "lenovo",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "microsoft",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "rubrik",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "taglio",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "winmagic",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "yubico",
"version": null
},
{
"model": "rsa library",
"scope": "eq",
"trust": 0.8,
"vendor": "infineon",
"version": "version 1.02.013"
},
{
"model": "yubikey 4c",
"scope": "eq",
"trust": 0.3,
"vendor": "yubico",
"version": "4.3.4"
},
{
"model": "yubikey 4c",
"scope": "eq",
"trust": 0.3,
"vendor": "yubico",
"version": "4.2.6"
},
{
"model": "yubikey nano",
"scope": "eq",
"trust": 0.3,
"vendor": "yubico",
"version": "44.3.4"
},
{
"model": "yubikey nano",
"scope": "eq",
"trust": 0.3,
"vendor": "yubico",
"version": "44.2.6"
},
{
"model": "yubikey",
"scope": "eq",
"trust": 0.3,
"vendor": "yubico",
"version": "44.3.4"
},
{
"model": "yubikey",
"scope": "eq",
"trust": 0.3,
"vendor": "yubico",
"version": "44.2.6"
},
{
"model": "thinkpad yoga s1",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "2600"
},
{
"model": "thinkpad yoga s3",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "144600"
},
{
"model": "thinkpad yoga 11e",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x2600"
},
{
"model": "thinkpad tablet",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x10"
},
{
"model": "thinkpad carbon",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "x10"
},
{
"model": "thinkpad t560",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t470p",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad t460s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad p70",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad p51",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad p50s",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad p50",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad l570",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad l560",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad l470",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad l460",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e565",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e560",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e465",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad e460",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "thinkpad 11e",
"scope": "eq",
"trust": 0.3,
"vendor": "lenovo",
"version": "0"
},
{
"model": "rsa library",
"scope": "eq",
"trust": 0.3,
"vendor": "infineon",
"version": "1.2.13"
},
{
"model": "trusted platform module option kit",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "2.0"
},
{
"model": "slb (tpm",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "96702.0)0"
},
{
"model": "slb (tpm",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "96701.2)0"
},
{
"model": "slb (tpm",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "96652.0)0"
},
{
"model": "slb (tpm",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "96601.2)0"
},
{
"model": "mobile workstation",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "mobile thin client and tablet",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "commercial notebook pc",
"scope": "eq",
"trust": 0.3,
"vendor": "hp",
"version": "0"
},
{
"model": "chrome os m63",
"scope": null,
"trust": 0.3,
"vendor": "google",
"version": null
},
{
"model": "chrome os m62",
"scope": null,
"trust": 0.3,
"vendor": "google",
"version": null
},
{
"model": "chrome os m61",
"scope": null,
"trust": 0.3,
"vendor": "google",
"version": null
},
{
"model": "idprime.net",
"scope": "eq",
"trust": 0.3,
"vendor": "gemalto",
"version": "0"
},
{
"model": "tpm 2.0 fw7.61",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "tpm 2.0 fw7.00",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "tpm 2.0 fw5.61",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "tpm 2.0 fw5.00",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "tpm 1.2 fw6.42",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "tpm 1.2 fw6.00",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "tpm 1.2 fw4.42",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "tpm 1.2 fw4.40",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "tpm 1.2 fw4.33",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "tpm 1.2 fw4.00",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "tpm 1.2 fw149.32",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "tpm 1.2 fw133.32",
"scope": null,
"trust": 0.3,
"vendor": "fujitsu",
"version": null
},
{
"model": "chrome os m80",
"scope": "ne",
"trust": 0.3,
"vendor": "google",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "trusted platform",
"version": "4.31"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "trusted platform",
"version": "4.32"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "trusted platform",
"version": "6.40"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "trusted platform",
"version": "133.32"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "rsa library",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "0e0df457-aab1-4879-a7c8-5371086a00d5"
},
{
"db": "CERT/CC",
"id": "VU#307015"
},
{
"db": "CNVD",
"id": "CNVD-2017-33657"
},
{
"db": "BID",
"id": "101484"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008423"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-558"
},
{
"db": "NVD",
"id": "CVE-2017-15361"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:infineon:rsa_library",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-008423"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Matus Nemec, Marek Sys, Petr Svenda, Dusan Klinec, and Vashek Matyas.",
"sources": [
{
"db": "BID",
"id": "101484"
}
],
"trust": 0.3
},
"cve": "CVE-2017-15361",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2017-15361",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 8.8,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 6.9,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 8.6,
"id": "CVE-2017-15361",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "OFFICIAL FIX",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "NOT DEFINED",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:N/AC:M/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 8.8,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2017-008423",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2017-33657",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "0e0df457-aab1-4879-a7c8-5371086a00d5",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-106176",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2017-15361",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 7.4,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-008423",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-15361",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-15361",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2017-008423",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-33657",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201710-558",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "0e0df457-aab1-4879-a7c8-5371086a00d5",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-106176",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-15361",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "0e0df457-aab1-4879-a7c8-5371086a00d5"
},
{
"db": "CERT/CC",
"id": "VU#307015"
},
{
"db": "CNVD",
"id": "CNVD-2017-33657"
},
{
"db": "VULHUB",
"id": "VHN-106176"
},
{
"db": "VULMON",
"id": "CVE-2017-15361"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008423"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-558"
},
{
"db": "NVD",
"id": "CVE-2017-15361"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS. This vulnerability is often cited as \"ROCA\" in the media. Infineon Made RSA The library contains RSA There is a problem that does not generate the key pair properly. As a result, generated using this library RSA The private key corresponding to the public key may be obtained. Cryptographic issues (CWE-310) - CVE-2017-15361 Infineon Made RSA The library contains RSA There is a problem that does not generate the key pair properly. Using the library RSA When generating a key pair, a more efficient search method than the exhaustive key search can be applied. at least 2048 There is a possibility of obtaining a secret key with a key length of less than or equal to bits. This attack was generated by the library RSA It can be applied simply by obtaining a public key. In addition, this case RSA Problem with key generation ECC ( Elliptic curve cryptography ) Is not affected. Also generated by other devices and libraries RSA key Can also be used safely with this library. The library is Trusted Platform Modules (TPM) Or a smart card. Information on affected vendors is available on the developer\u0027s site. For details, refer to the information published by the discoverer. Developer site https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160 Information published by the discoverer https://crocs.fi.muni.cz/public/papers/rsa_ccs17Using the library RSA If a key is generated, there is a possibility that a private key may be obtained by a remote third party. An attacker could exploit this vulnerability to compromise the encryption protection mechanism. \nAttackers can exploit this issue to bypass certain security restrictions to perform unauthorized actions. This may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nNote: the current version of the following document is available here:\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03789en_us\n\nSUPPORT COMMUNICATION - SECURITY BULLETIN\n\nDocument ID: hpesbhf03789en_us\nVersion: 2\n\nHPESBHF03789 rev.2 - Certain HPE Gen9 Systems with HP Trusted Platform Module\nv2.0 Option, Unauthorized Access to Data\n\nNOTICE: The information in this Security Bulletin should be acted upon as\nsoon as possible. \n\nRelease Date: 2017-10-18\nLast Updated: 2017-10-17\n\nPotential Security Impact: Local: Unauthorized Access to Data; Remote:\nUnauthorized Access to Data\n\nSource: Hewlett Packard Enterprise, Product Security Response Team\n\nVULNERABILITY SUMMARY\nA potential security vulnerability has been identified in the \"HP Trusted\nPlatform Module 2.0 Option\" kit. This optional kit is available for HPE Gen9\nsystems with firmware version 5.51. The vulnerability in TPM firmware 5.51 is\nthat new mathematical methods exist such that RSA keys generated by the TPM\n2.0 with firmware 5.51 are cryptographically weakened. This vulnerability\ncould lead to local and remote unauthorized access to data. \n\nReferences:\n\n - PSRT110605\n - PSRT110598\n - CVE-2017-15361\n\nSUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. This is the Gen9 TPM 2.0 option (only Gen9 servers could have this\noption). The TPM 2.0 Option for Gen9 servers is not standard on Gen9 servers\n- - it is an option. \n - HP ProLiant BL460c Gen9 Server Blade n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HP ProLiant BL660c Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HP ProLiant DL120 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HP ProLiant DL160 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HP ProLiant DL360 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HP ProLiant DL380 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HP ProLiant DL388 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HP ProLiant DL580 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HP ProLiant DL60 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HP ProLiant DL80 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HP ProLiant ML110 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HP ProLiant ML150 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE Apollo 4200 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant DL180 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant DL180 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant DL20 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant DL560 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant ML10 Gen9 E3-1225 v5 3.3GHz 4-core 8GB-R 1TB Non-hot Plug\n4LFF SATA 300W AP Svr/Promo n/a - only if \"HPE Trusted Platform Module 2.0\nKit\" w/ FW version 5.51 is installed. \n - HPE ProLiant ML10 Gen9 E3-1225 v5 4GB-R 1TB Non-hot Plug 4LFF SATA 300W\nSvr/S-Buy n/a - only if \"HPE Trusted Platform Module 2.0 Kit\" w/ FW version\n5.51 is installed. \n - HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 1TB Non-hot Plug 4LFF SATA 300W\nPerf Svr n/a - only if \"HPE Trusted Platform Module 2.0 Kit\" w/ FW version\n5.51 is installed. \n - HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 2TB Non-hot Plug 4LFF SATA 300W\nSvr/GO n/a - only if \"HPE Trusted Platform Module 2.0 Kit\" w/ FW version 5.51\nis installed. \n - HPE ProLiant ML10 Gen9 E3-1225 v5 8GB-R 2TB Non-hot Plug 4LFF SATA 300W\nSvr/TV n/a - only if \"HPE Trusted Platform Module 2.0 Kit\" w/ FW version 5.51\nis installed. \n - HPE ProLiant ML10 Gen9 G4400 4GB-R Non-hot Plug 4LFF SATA 300W Entry Svr\nn/a - only if \"HPE Trusted Platform Module 2.0 Kit\" w/ FW version 5.51 is\ninstalled. \n - HPE ProLiant ML30 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant ML350 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant ML350 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL170r Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL190r Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL230a Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL230a Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL250a Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL250a Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL260a Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL450 Gen9 Server n/a - only if \"HPE Trusted Platform Module\n2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL730f Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL730f Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL740f Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL740f Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL750f Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n - HPE ProLiant XL750f Gen9 Server n/a - only if \"HPE Trusted Platform\nModule 2.0 Kit\" w/ FW version 5.51 is installed. \n\nBACKGROUND\n\n CVSS Base Metrics\n =================\n Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector\n\n CVE-2017-15361\n 7.4 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\n 6.2 (AV:L/AC:H/Au:N/C:C/I:C/A:C)\n\n Information on CVSS is documented in\n HPE Customer Notice HPSN-2008-002 here:\n\nhttps://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499\n\nRESOLUTION\n\nHPE has provided both an updated system ROM, and updated TPM firmware to\ncorrect this issue for impacted systems. Update the system ROM and \"HPE\nTrusted Platform Module 2.0 Option\" to firmware version 5.62 or subsequent. \n\nThe latest version of the System ROM is available, and must be updated before\nupdating the TPM firmware. Use these instructions:\n\n1.Click the following link: \n\n * \u003chttp://www.hpe.com/support/hpesc\u003e\n\n2.Enter a product name (e.g., \"DL380 Gen9\") in the text field under Enter a\nProduct Name or Number. \n3.Click Go. \n4.Select the appropriate product model from the Results list (if prompted). \n5.Click the \"drivers, software \u0026 firmware\" hyperlink under the Download\nOptions tab. \n6.Select the system\u0027s specific operating system from the Operating Systems\ndropdown menu. \n7.Click the category BIOS - System ROM. \n8.Select the latest release of HPE System ROM Version 2.50 (or later). \n9.Click Download. \n\n\nThe latest version of the TPM firmware is available. Use these instructions:\n\n 1.Click the following link:\n\n * \u003chttp://www.hpe.com/support/hpesc\u003e\n\n 2.Enter a product name (e.g., \"DL380 Gen9\") in the text field under Enter a\nProduct Name or Number. \n 3.Click Go. \n 4.Select the appropriate product model from the Results list (if prompted). \n\n 5.Click the \"drivers, software \u0026 firmware\" hyperlink under the Download\nOptions tab. \n 6.Select the system\u0027s specific operating system from the Operating Systems\ndropdown menu. \n 7.Click the category Firmware. \n 8.Select the latest release of the HPE Trusted Platform Module 2.0 Option\nfirmware update for HPE Gen9 Severs Version 5.62 (or later). \n 9.Click Download. \n\n**Note:** \n\n * After the firmware upgrade, the TPM will generate RSA keys using an\nimproved algorithm. Revoking the weak TPM generated RSA keys will still be\nrequired. Refer to the OS documentation for OS-specific instructions. In\naddition, a System ROM update to version 2.50 (or later) is required before\nupdating the TPM 2.0 firmware. \n \n * Please refer to the HPE *Customer Bulletin* as well:\n \n - **HPE ProLiant Gen9 Servers** - Potential Vulnerability in the HPE\nTrusted Platform Module 2.0 Option Firmware Version 5.51 for HPE ProLiant\nGen9 Servers\n\u003chttp://h20565.www2.hpe.com/hpsc/doc/public/display?docId=a00028289en_us\u003e\n\nHISTORY\n\nVersion:1 (rev.1) - 16 October 2017 Initial release\n\nVersion:2 (rev.2) - 17 October 2017 Added CVE reference\n\n\nThird Party Security Patches: Third party security patches that are to be\ninstalled on systems running Hewlett Packard Enterprise (HPE) software\nproducts should be applied in accordance with the customer\u0027s patch management\npolicy. \n\nSupport: For issues about implementing the recommendations of this Security\nBulletin, contact normal HPE Services support channel. For other issues about\nthe content of this Security Bulletin, send e-mail to security-alert@hpe.com. \n\nReport: To report a potential security vulnerability for any HPE supported\nproduct:\n Web form: https://www.hpe.com/info/report-security-vulnerability\n Email: security-alert@hpe.com\n\nSubscribe: To initiate a subscription to receive future HPE Security Bulletin\nalerts via Email: http://www.hpe.com/support/Subscriber_Choice\n\nSecurity Bulletin Archive: A list of recently released Security Bulletins is\navailable here: http://www.hpe.com/support/Security_Bulletin_Archive\n\nSoftware Product Category: The Software Product Category is represented in\nthe title by the two characters following HPSB. \n\n3C = 3COM\n3P = 3rd Party Software\nGN = HPE General Software\nHF = HPE Hardware and Firmware\nMU = Multi-Platform Software\nNS = NonStop Servers\nOV = OpenVMS\nPV = ProCurve\nST = Storage Software\nUX = HP-UX\n\nCopyright 2016 Hewlett Packard Enterprise\n\nHewlett Packard Enterprise shall not be liable for technical or editorial\nerrors or omissions contained herein. The information provided is provided\n\"as is\" without warranty of any kind. To the extent permitted by law, neither\nHP or its affiliates, subcontractors or suppliers will be liable for\nincidental,special or consequential damages including downtime cost; lost\nprofits; damages relating to the procurement of substitute products or\nservices; or damages for loss of data, or software restoration. The\ninformation in this document is subject to change without notice. Hewlett\nPackard Enterprise and the names of Hewlett Packard Enterprise products\nreferenced herein are trademarks of Hewlett Packard Enterprise in the United\nStates and other countries. Other product and company names mentioned herein\nmay be trademarks of their respective owners. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQEcBAEBCAAGBQJZ5k72AAoJELXhAxt7SZaiU4EIAKJK3i30Qui8Fqm7/Kr5R/oB\nUgW8kg/4EkbEpJ7ewQwjE2gaIMUmo6q2we+mpLU3/4T8+ZcZgxw7hDZqOrOn7V08\nrzchXK1oLqdW9vu0BlWrUK6TTWHghW38nwqLHhmxuRavrVR4kYB+ctfFUS3vaSVd\neQWBn6coSrkeToazgtvlPilChl1ygH4NITmLBXPnSbcp8U1yLhF+j0eUKLcZnR8l\nOMi65CVCNWCcSL3NV6x4NXvREmehKXGqgokGUe6rBWucU+A21W66GhsnhC5ysa4j\nSR8Ungf0W1QihfW3+Jijiu5hC7mrcZrGi+AZAvJDb4S5zvfM+hVUZNuEGa6nzVM=\n=KoaT\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-15361"
},
{
"db": "CERT/CC",
"id": "VU#307015"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008423"
},
{
"db": "CNVD",
"id": "CNVD-2017-33657"
},
{
"db": "BID",
"id": "101484"
},
{
"db": "IVD",
"id": "0e0df457-aab1-4879-a7c8-5371086a00d5"
},
{
"db": "VULHUB",
"id": "VHN-106176"
},
{
"db": "VULMON",
"id": "CVE-2017-15361"
},
{
"db": "PACKETSTORM",
"id": "144646"
}
],
"trust": 3.6
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.kb.cert.org/vuls/id/307015",
"trust": 0.8,
"type": "poc"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#307015"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-15361",
"trust": 3.8
},
{
"db": "CERT/CC",
"id": "VU#307015",
"trust": 3.7
},
{
"db": "BID",
"id": "101484",
"trust": 2.7
},
{
"db": "LENOVO",
"id": "LEN-15552",
"trust": 2.1
},
{
"db": "SIEMENS",
"id": "SSA-470231",
"trust": 1.8
},
{
"db": "ICS CERT",
"id": "ICSA-18-058-01",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-201710-558",
"trust": 0.9
},
{
"db": "ICS CERT",
"id": "ICSA-18-058-01A",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-33657",
"trust": 0.8
},
{
"db": "JVN",
"id": "JVNVU95530052",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008423",
"trust": 0.8
},
{
"db": "IVD",
"id": "0E0DF457-AAB1-4879-A7C8-5371086A00D5",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "144646",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-99005",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-106176",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-15361",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "0e0df457-aab1-4879-a7c8-5371086a00d5"
},
{
"db": "CERT/CC",
"id": "VU#307015"
},
{
"db": "CNVD",
"id": "CNVD-2017-33657"
},
{
"db": "VULHUB",
"id": "VHN-106176"
},
{
"db": "VULMON",
"id": "CVE-2017-15361"
},
{
"db": "BID",
"id": "101484"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008423"
},
{
"db": "PACKETSTORM",
"id": "144646"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-558"
},
{
"db": "NVD",
"id": "CVE-2017-15361"
}
]
},
"id": "VAR-201710-0668",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "0e0df457-aab1-4879-a7c8-5371086a00d5"
},
{
"db": "CNVD",
"id": "CNVD-2017-33657"
},
{
"db": "VULHUB",
"id": "VHN-106176"
}
],
"trust": 1.4398148266666666
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "0e0df457-aab1-4879-a7c8-5371086a00d5"
},
{
"db": "CNVD",
"id": "CNVD-2017-33657"
}
]
},
"last_update_date": "2024-11-23T22:38:24.456000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Information on TPM firmware update for Microsoft Windows systems as announced on Microsoft`s patchday on October 10th 2017",
"trust": 0.8,
"url": "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160"
},
{
"title": "Security Alert 20171012",
"trust": 0.8,
"url": "http://www.fujitsu.com/jp/products/software/resources/condition/security/vulnerabilities/2017/securityalert20171012.html"
},
{
"title": "Infineon RSA Library Encryption Security Bypass Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/105950"
},
{
"title": "Infineon Trusted Platform Module Infineon RSA Repair measures for library security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75565"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2017/10/23/roca_crypto_flaw_gemalto/"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2017/10/16/roca_crypto_vuln_infineon_chips/"
},
{
"title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBPI03583 rev. 1 - ROCA - Vulnerable RSA Generation: HP Trusted Platform Module (TPM) Accessory and Certain HP Enterprise Printer and MFP Products, Certain HP PageWide Printer and MFP Products with Standard TPM",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=d442339efd5a6d4834ac93a8dc07c35d"
},
{
"title": "HP: HPSBHF03568 rev. 11 - Infineon TPM Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=HPSBHF03568"
},
{
"title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBHF03568 rev. 11 - Infineon TPM Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=ca9eba9c5c56724cf0dd05e2bbff5dc4"
},
{
"title": "HP: HPSBPI03583 rev. 1 - ROCA - Vulnerable RSA Generation: HP Trusted Platform Module (TPM) Accessory and Certain HP Enterprise Printer and MFP Products, Certain HP PageWide Printer and MFP Products with Standard TPM",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=HPSBPI03583"
},
{
"title": "HP: SUPPORT COMMUNICATION- SECURITY BULLETIN\nHPSBHF03568 rev. 11 - Infineon TPM Security Update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hp_bulletin\u0026qid=03aca358debd7682b3b457bbf62087d3"
},
{
"title": "Infineon-CVE-2017-15361",
"trust": 0.1,
"url": "https://github.com/lva/Infineon-CVE-2017-15361 "
},
{
"title": "RocaCmTest",
"trust": 0.1,
"url": "https://github.com/jnpuskar/RocaCmTest "
},
{
"title": "zeek-plugin-roca",
"trust": 0.1,
"url": "https://github.com/0xxon/bro-plugin-roca "
},
{
"title": "Detect-CVE-2017-15361-TPM",
"trust": 0.1,
"url": "https://github.com/nsacyber/Detect-CVE-2017-15361-TPM "
},
{
"title": "cedarkey",
"trust": 0.1,
"url": "https://github.com/nuclearcat/cedarkey "
},
{
"title": "roca",
"trust": 0.1,
"url": "https://github.com/brunoproduit/roca "
},
{
"title": "zeek-plugin-roca",
"trust": 0.1,
"url": "https://github.com/0xxon/zeek-plugin-roca "
},
{
"title": "tpm-firmware",
"trust": 0.1,
"url": "https://github.com/fishilico/tpm-firmware "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/google/paranoid_crypto "
},
{
"title": "Exp101tsArchiv30thers",
"trust": 0.1,
"url": "https://github.com/nu11secur1ty/Exp101tsArchiv30thers "
},
{
"title": "awesome-cve-poc_qazbnm456",
"trust": 0.1,
"url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 "
},
{
"title": "BleepingComputer",
"trust": 0.1,
"url": "https://www.bleepingcomputer.com/news/security/microsoft-warns-of-windows-hello-for-business-orphaned-key-risks/"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/factorization-flaw-in-tpm-chips-makes-attacks-on-rsa-private-keys-feasible/128474/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33657"
},
{
"db": "VULMON",
"id": "CVE-2017-15361"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008423"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-558"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-310",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-106176"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008423"
},
{
"db": "NVD",
"id": "CVE-2017-15361"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://crocs.fi.muni.cz/public/papers/rsa_ccs17"
},
{
"trust": 3.4,
"url": "https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirid=59160"
},
{
"trust": 3.0,
"url": "https://www.kb.cert.org/vuls/id/307015"
},
{
"trust": 2.9,
"url": "http://support.lenovo.com/us/en/product_security/len-15552"
},
{
"trust": 2.9,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv170012"
},
{
"trust": 2.6,
"url": "https://github.com/crocs-muni/roca"
},
{
"trust": 2.6,
"url": "https://blog.cr.yp.to/20171105-infineon.html"
},
{
"trust": 2.6,
"url": "https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/101484"
},
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20171024-0001/"
},
{
"trust": 1.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html"
},
{
"trust": 1.8,
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html"
},
{
"trust": 1.8,
"url": "https://www.yubico.com/support/security-advisories/ysa-2017-01/"
},
{
"trust": 1.8,
"url": "https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/"
},
{
"trust": 1.8,
"url": "https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/"
},
{
"trust": 1.8,
"url": "https://github.com/iadgov/detect-cve-2017-15361-tpm"
},
{
"trust": 1.8,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-058-01"
},
{
"trust": 1.8,
"url": "https://keychest.net/roca"
},
{
"trust": 1.8,
"url": "https://monitor.certipath.com/rsatest"
},
{
"trust": 1.7,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03801en_us"
},
{
"trust": 1.7,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026docid=emr_na-hpesbhf03789en_us"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-15361"
},
{
"trust": 0.9,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-hpesbhf03789en_us"
},
{
"trust": 0.8,
"url": "https://crocs.fi.muni.cz/_media/public/papers/nemec_roca_ccs17_preprint.pdf"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/310.html"
},
{
"trust": 0.8,
"url": "http://www.dell.com/support/article/us/en/19/sln307820/"
},
{
"trust": 0.8,
"url": "http://www.fujitsu.com/global/support/products/software/security/products-f/ifsa-201701e.html"
},
{
"trust": 0.8,
"url": "https://safenet.gemalto.com/technical-support/security-updates/"
},
{
"trust": 0.8,
"url": "https://support.rubrik.com/articles/how_to/000001116"
},
{
"trust": 0.8,
"url": "https://www.yubico.com/keycheck/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-15361"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-18-058-01a"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu95530052/"
},
{
"trust": 0.3,
"url": "https://www.infineon.com/"
},
{
"trust": 0.3,
"url": "https://support.hp.com/us-en/document/c05792935"
},
{
"trust": 0.1,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03789en_us"
},
{
"trust": 0.1,
"url": "https://support.hpe.com/hpsc/doc/public/display?doclocale=en_us\u0026amp;docid=emr_na-hpesbhf03801en_us"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://github.com/lva/infineon-cve-2017-15361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-058-01a"
},
{
"trust": 0.1,
"url": "http://h20565.www2.hpe.com/hpsc/doc/public/display?docid=a00028289en_us\u003e"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/security_bulletin_archive"
},
{
"trust": 0.1,
"url": "https://www.hpe.com/info/report-security-vulnerability"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/subscriber_choice"
},
{
"trust": 0.1,
"url": "http://www.hpe.com/support/hpesc\u003e"
},
{
"trust": 0.1,
"url": "https://h20564.www2.hpe.com/hpsc/doc/public/display?docid=emr_na-c01345499"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#307015"
},
{
"db": "CNVD",
"id": "CNVD-2017-33657"
},
{
"db": "VULHUB",
"id": "VHN-106176"
},
{
"db": "VULMON",
"id": "CVE-2017-15361"
},
{
"db": "BID",
"id": "101484"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008423"
},
{
"db": "PACKETSTORM",
"id": "144646"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-558"
},
{
"db": "NVD",
"id": "CVE-2017-15361"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "0e0df457-aab1-4879-a7c8-5371086a00d5"
},
{
"db": "CERT/CC",
"id": "VU#307015"
},
{
"db": "CNVD",
"id": "CNVD-2017-33657"
},
{
"db": "VULHUB",
"id": "VHN-106176"
},
{
"db": "VULMON",
"id": "CVE-2017-15361"
},
{
"db": "BID",
"id": "101484"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-008423"
},
{
"db": "PACKETSTORM",
"id": "144646"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-558"
},
{
"db": "NVD",
"id": "CVE-2017-15361"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-13T00:00:00",
"db": "IVD",
"id": "0e0df457-aab1-4879-a7c8-5371086a00d5"
},
{
"date": "2017-10-16T00:00:00",
"db": "CERT/CC",
"id": "VU#307015"
},
{
"date": "2017-11-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33657"
},
{
"date": "2017-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-106176"
},
{
"date": "2017-10-16T00:00:00",
"db": "VULMON",
"id": "CVE-2017-15361"
},
{
"date": "2017-10-16T00:00:00",
"db": "BID",
"id": "101484"
},
{
"date": "2017-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008423"
},
{
"date": "2017-10-17T15:22:22",
"db": "PACKETSTORM",
"id": "144646"
},
{
"date": "2017-10-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-558"
},
{
"date": "2017-10-16T17:29:00.243000",
"db": "NVD",
"id": "CVE-2017-15361"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-08T00:00:00",
"db": "CERT/CC",
"id": "VU#307015"
},
{
"date": "2017-11-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33657"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-106176"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULMON",
"id": "CVE-2017-15361"
},
{
"date": "2017-10-23T20:04:00",
"db": "BID",
"id": "101484"
},
{
"date": "2019-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-008423"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-558"
},
{
"date": "2024-11-21T03:14:32.883000",
"db": "NVD",
"id": "CVE-2017-15361"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-558"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Infineon RSA library does not properly generate RSA key pairs",
"sources": [
{
"db": "CERT/CC",
"id": "VU#307015"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-558"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.