var-201807-0269
Vulnerability from variot
Das U-Boot is a device bootloader that can read its configuration from an AES-encrypted file. For devices utilizing this environment encryption mode, U-Boot's use of a zero initialization vector may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt the data. Das U-Boot's AES-CBC encryption feature uses a zero (0) initialization vector. Because the IV never changes, CBC encryption under a given key is deterministic: identical plaintext prefixes always produce identical ciphertext blocks. This allows an attacker to perform dictionary attacks on encrypted data produced by Das U-Boot to learn information about the encrypted data. Multiple vulnerabilities exist in Das U-Boot's AES-CBC encryption implementation. Information leakage due to differences in processing time (CWE-208) - CVE-2017-3226: the AES-CBC processing in Das U-Boot is deficient when reading the encrypted environment variable. As a result, an attacker could decrypt the content on the device or possibly tamper with it. An attacker with access to the device may be able to decrypt the content on the device.
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201807-0269", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "u-boot", "scope": "lt", "trust": 1.0, "vendor": "denx", "version": "2017.09" }, { "model": "u-boot", "scope": null, "trust": 0.8, "vendor": "denx engineering", "version": null }, { "model": "das u-boot", "scope": "eq", "trust": 0.3, "vendor": "u boot", 
"version": "0" } ], "sources": [ { "db": "BID", "id": "100675" }, { "db": "JVNDB", "id": "JVNDB-2017-010588" }, { "db": "NVD", "id": "CVE-2017-3225" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:denx:u-boot", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-010588" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Allan Xavier", "sources": [ { "db": "BID", "id": "100675" }, { "db": "CNNVD", "id": "CNNVD-201709-516" } ], "trust": 0.9 }, "cve": "CVE-2017-3225", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 3.9, "id": "CVE-2017-3225", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "LOW", "trust": 1.0, "vectorString": 
"AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "High", "accessVector": "Local", "authentication": "None", "author": "IPA", "availabilityImpact": "None", "baseScore": 5.6, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "JVNDB-2017-010588", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:N", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "author": "nvd@nist.gov", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "exploitabilityScore": 0.9, "id": "CVE-2017-3225", "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, { "attackComplexity": "High", "attackVector": "Physical", "author": "IPA", "availabilityImpact": "None", "baseScore": 5.7, "baseSeverity": "Medium", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "JVNDB-2017-010588", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2017-3225", "trust": 1.0, "value": "MEDIUM" }, { "author": "IPA", "id": "JVNDB-2017-010588", "trust": 0.8, "value": "Medium" }, { "author": "CNNVD", "id": "CNNVD-201709-516", "trust": 0.6, "value": "MEDIUM" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-010588" }, { "db": "CNNVD", "id": "CNNVD-201709-516" }, { "db": "NVD", "id": "CVE-2017-3225" } ] }, "description": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Das U-Boot is a device bootloader that can read its configuration from an AES encrypted file. For devices utilizing this environment encryption mode, U-Boot\u0027s use of a zero initialization vector may allow attacks against the underlying cryptographic implementation and allow an attacker to decrypt the data. Das U-Boot\u0027s AES-CBC encryption feature uses a zero (0) initialization vector. This allows an attacker to perform dictionary attacks on encrypted data produced by Das U-Boot to learn information about the encrypted data. Das U-Boot of AES-CBC Multiple vulnerabilities exist in cryptographic implementations. Information leakage due to differences in processing time (CWE-208) - CVE-2017-3226 Das U-Boot of AES-CBC The encryption process is deficient in the process when reading the encrypted environment variable. As a result, an attacker could decrypt the content on your device or possibly tamper with it.An attacker with access to the device may be able to decrypt the content on the device", "sources": [ { "db": "NVD", "id": "CVE-2017-3225" }, { "db": "CERT/CC", "id": "VU#166743" }, { "db": "JVNDB", "id": "JVNDB-2017-010588" }, { "db": "BID", "id": "100675" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "CERT/CC", "id": "VU#166743", "trust": 3.5 }, { "db": "NVD", "id": "CVE-2017-3225", "trust": 2.7 }, { "db": "BID", "id": "100675", "trust": 1.9 }, { "db": "JVN", "id": "JVNVU96769287", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2017-010588", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201709-516", "trust": 0.6 } ], "sources": [ { "db": "CERT/CC", "id": "VU#166743" }, { "db": 
"BID", "id": "100675" }, { "db": "JVNDB", "id": "JVNDB-2017-010588" }, { "db": "CNNVD", "id": "CNNVD-201709-516" }, { "db": "NVD", "id": "CVE-2017-3225" } ] }, "id": "VAR-201807-0269", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.26666668 }, "last_update_date": "2024-11-23T22:26:17.384000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "env: Migrate CONFIG_ENV_AES to Kconfig and deprecate", "trust": 0.8, "url": "http://git.denx.de/?p=u-boot.git;a=commit;h=5eb35220b2cbeac79af8d73c696f5930a755c5bd" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-010588" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-329", "trust": 1.8 }, { "problemtype": "CWE-310", "trust": 1.0 }, { "problemtype": "CWE-208", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2017-010588" }, { "db": "NVD", "id": "CVE-2017-3225" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.7, "url": "https://www.kb.cert.org/vuls/id/166743" }, { "trust": 1.6, "url": "http://www.securityfocus.com/bid/100675" }, { "trust": 0.8, "url": "https://cwe.mitre.org/data/definitions/208.html" }, { "trust": 0.8, "url": "http://cwe.mitre.org/data/definitions/329.html" }, { "trust": 0.8, "url": 
"http://www.brocade.com/content/dam/common/documents/content-types/security-bulletin/brocade-security-advisory-2017-444.htm" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3225" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-3226" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu96769287/index.html" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3225" }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-3226" }, { "trust": 0.3, "url": "https://www.denx.de/wiki/u-boot/webhome" } ], "sources": [ { "db": "CERT/CC", "id": "VU#166743" }, { "db": "BID", "id": "100675" }, { "db": "JVNDB", "id": "JVNDB-2017-010588" }, { "db": "CNNVD", "id": "CNNVD-201709-516" }, { "db": "NVD", "id": "CVE-2017-3225" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#166743" }, { "db": "BID", "id": "100675" }, { "db": "JVNDB", "id": "JVNDB-2017-010588" }, { "db": "CNNVD", "id": "CNNVD-201709-516" }, { "db": "NVD", "id": "CVE-2017-3225" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-09-08T00:00:00", "db": "CERT/CC", "id": "VU#166743" }, { "date": "2017-09-08T00:00:00", "db": "BID", "id": "100675" }, { "date": "2017-12-20T00:00:00", "db": "JVNDB", "id": "JVNDB-2017-010588" }, { "date": "2017-09-18T00:00:00", "db": "CNNVD", "id": "CNNVD-201709-516" }, { "date": "2018-07-24T15:29:00.953000", "db": "NVD", "id": "CVE-2017-3225" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-10-12T00:00:00", "db": "CERT/CC", "id": "VU#166743" }, { "date": "2017-09-08T00:00:00", "db": "BID", "id": "100675" }, { "date": "2019-07-24T00:00:00", "db": 
"JVNDB", "id": "JVNDB-2017-010588" }, { "date": "2019-10-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201709-516" }, { "date": "2024-11-21T03:25:04.470000", "db": "NVD", "id": "CVE-2017-3225" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "CNNVD", "id": "CNNVD-201709-516" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Das U-Boot AES-CBC encryption implementation contains multiple vulnerabilities", "sources": [ { "db": "CERT/CC", "id": "VU#166743" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "encryption problem", "sources": [ { "db": "CNNVD", "id": "CNNVD-201709-516" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.