Vulnerability Report

CVE-2017-15361

Title: Asus Chromebox Cn62 Cryptographic Failures

Other

Proof Of Concept

No public PoC currently indexed for CVE-2017-15361.

CWE Category NVD-CWE-noinfo
Published Date Oct 16, 2017
Modified Date May 13, 2026
Exploit Status Not Found
Score 5.9 CVSS v3.0
Exploit Probability (EPSS)
73.44%

Vulnerability Summary

CVE-2017-15361: The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.

Impacted Vendors

H
hisense 1
G
google 1
T
toshiba 2
R
rgs 1
A
asus 11
A
acer 20
E
edugear 4
S
sector-five 1
L
lg 2
A
aopen 3
P
positivo 1
H
hexa 1
P
pcmerge 1
B
bobicus 1
T
true 2
A
asi 1
M
mercer 2
I
infineon 1
H
haier 4
P
prowise 2
M
medion 2
S
samsung 6
V
videonet 2
E
epik 1
D
dell 6
H
hp 20
S
senkatel 1
P
poin2 2
C
ctl 5
L
lenovo 11
E
edxis 2
N
ncomputing 1
N
nexian 1
V
viglen 2
X
xolo 1

Reference Links

http://support.lenovo.com/us/en/product_security/LEN-15552 http://www.securityfocus.com/bid/101484 https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/ https://blog.cr.yp.to/20171105-infineon.html https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf https://crocs.fi.muni.cz/public/papers/rsa_ccs17 https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/ https://github.com/crocs-muni/roca https://github.com/iadgov/Detect-CVE-2017-15361-TPM https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01 https://keychest.net/roca https://monitor.certipath.com/rsatest https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012 https://security.netapp.com/advisory/ntap-20171024-0001/ https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03789en_us https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03801en_us https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html https://www.kb.cert.org/vuls/id/307015 https://www.yubico.com/support/security-advisories/ysa-2017-01/ http://support.lenovo.com/us/en/product_security/LEN-15552 http://www.securityfocus.com/bid/101484 https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/ https://blog.cr.yp.to/20171105-infineon.html https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf https://crocs.fi.muni.cz/public/papers/rsa_ccs17 https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/ https://github.com/crocs-muni/roca https://github.com/iadgov/Detect-CVE-2017-15361-TPM https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01 https://keychest.net/roca https://monitor.certipath.com/rsatest https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012 https://security.netapp.com/advisory/ntap-20171024-0001/ https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03789en_us https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03801en_us https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html https://www.kb.cert.org/vuls/id/307015 https://www.yubico.com/support/security-advisories/ysa-2017-01/
CVSS v3.0
Source Entity [email protected]
Severity MEDIUM
5.9
Attack Vector
NETWORK
Complexity
HIGH
Privileges
N/A
Interaction
NONE
Confidentiality
N/A
Integrity
N/A
Availability
N/A
Scope
UNCHANGED
RAW VECTOR CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v2.0
Source Entity [email protected]
Severity MEDIUM
4.3
Access Vector
N/A
Authentication
N/A
RAW VECTOR AV:N/AC:M/Au:N/C:P/I:N/A:N

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2017-15361 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector NETWORK
Complexity HIGH
Privileges N/A
Interaction NONE
CVSS Vector String CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Stack

No specific products linked.