CVE-2017-15361 - Vulnerability Details

The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.73437.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

AND

OR	cpe:2.3:o:infineon:trusted_platform_firmware:4.31:::::::*
	cpe:2.3:o:infineon:trusted_platform_firmware:4.32:::::::*
	cpe:2.3:o:infineon:trusted_platform_firmware:6.40:::::::*
	cpe:2.3:o:infineon:trusted_platform_firmware:133.32:::::::*

OR	cpe:2.3:h:acer:c720_chromebook:-:::::::*
	cpe:2.3:h:acer:chromebase:-:::::::*
	cpe:2.3:h:acer:chromebase_24:-:::::::*
	cpe:2.3:h:acer:chromebook_11_c730:-:::::::*
	cpe:2.3:h:acer:chromebook_11_c730e:-:::::::*
	cpe:2.3:h:acer:chromebook_11_c735:-:::::::*
	cpe:2.3:h:acer:chromebook_11_c740:-:::::::*
	cpe:2.3:h:acer:chromebook_11_c771:-:::::::*
	cpe:2.3:h:acer:chromebook_11_c771t:-:::::::*
	cpe:2.3:h:acer:chromebook_11_n7_c731:-:::::::*
	cpe:2.3:h:acer:chromebook_13_cb5-311:-:::::::*
	cpe:2.3:h:acer:chromebook_14_cb3-431:-:::::::*
	cpe:2.3:h:acer:chromebook_14_for_work_cp5-471:-:::::::*
	cpe:2.3:h:acer:chromebook_15_cb3-531:-:::::::*
	cpe:2.3:h:acer:chromebook_15_cb3-532:-:::::::*
	cpe:2.3:h:acer:chromebook_15_cb5-571:-:::::::*
	cpe:2.3:h:acer:chromebook_r11:-:::::::*
	cpe:2.3:h:acer:chromebook_r13_cb5-312t:-:::::::*
	cpe:2.3:h:acer:chromebox:-:::::::*
	cpe:2.3:h:acer:chromebox_cxi2:-:::::::*
	cpe:2.3:h:aopen:chromebase:-::commercial:::::
	cpe:2.3:h:aopen:chromebase:-::mini:::::
	cpe:2.3:h:aopen:chromebox:-::commercial:::::
	cpe:2.3:h:aopen:chromeboxi:-::mini:::::
	cpe:2.3:h:asi:chromebook:-:::::::*
	cpe:2.3:h:asus:chromebit_cs10:-:::::::*
	cpe:2.3:h:asus:chromebook_c200:-:::::::*
	cpe:2.3:h:asus:chromebook_c201pa:-:::::::*
	cpe:2.3:h:asus:chromebook_c202sa:-:::::::*
	cpe:2.3:h:asus:chromebook_c300:-:::::::*
	cpe:2.3:h:asus:chromebook_c300sa:-:::::::*
	cpe:2.3:h:asus:chromebook_c301sa:-:::::::*
	cpe:2.3:h:asus:chromebook_flip_c100pa:-:::::::*
	cpe:2.3:h:asus:chromebook_flip_c302:-:::::::*
	cpe:2.3:h:asus:chromebox_cn60:-:::::::*
	cpe:2.3:h:asus:chromebox_cn62:-:::::::*
	cpe:2.3:h:bobicus:chromebook_11::::::::
	cpe:2.3:h:ctl:j2_chromebook:-:::::education::
	cpe:2.3:h:ctl:j4_chromebook:-:::::education::
	cpe:2.3:h:ctl:j5_chromebook:-:::::::*
	cpe:2.3:h:ctl:n6_chromebook:-:::::education::
	cpe:2.3:h:ctl:nl61_chromebook:-:::::::*
	cpe:2.3:h:dell:chromebook_11:-:::::::*
	cpe:2.3:h:dell:chromebook_11_3120:-:::::::*
	cpe:2.3:h:dell:chromebook_11_3189:-:::::::*
	cpe:2.3:h:dell:chromebook_11_model_3180:-:::::::*
	cpe:2.3:h:dell:chromebook_13_3380:-:::::::*
	cpe:2.3:h:dell:chromebox:-:::::::*
	cpe:2.3:h:edugear:chromebook_k:-:::::::*
	cpe:2.3:h:edugear:chromebook_m:-:::::::*
	cpe:2.3:h:edugear:chromebook_r:-:::::::*
	cpe:2.3:h:edugear:cmt_chromebook:-:::::::*
	cpe:2.3:h:edxis:chromebook:-:::::::*
	cpe:2.3:h:edxis:education_chromebook:-:::::::*
	cpe:2.3:h:epik:chromebook_elb1101:-:::::::*
	cpe:2.3:h:google:pixel:-:::::::*
	cpe:2.3:h:haier:chromebook_11:-:::::::*
	cpe:2.3:h:haier:chromebook_11_c:-:::::::*
	cpe:2.3:h:haier:chromebook_11_g2:-:::::::*
	cpe:2.3:h:haier:chromebook_11e:-:::::::*
	cpe:2.3:h:hexa:chromebook_pi:-:::::::*
	cpe:2.3:h:hisense:chromebook_11:-:::::::*
	cpe:2.3:h:hp:chromebook:-:::::meetings::
	cpe:2.3:h:hp:chromebook_11-vxxx:-:::::::*
cpe:2.3:h:hp:chromebook_11_1100-1199:-:::::::*
cpe:2.3:h:hp:chromebook_11_2000-2099:-:::::::*
cpe:2.3:h:hp:chromebook_11_2100-2199:-:::::::*
cpe:2.3:h:hp:chromebook_11_2200-2299:-:::::::*
cpe:2.3:h:hp:chromebook_11_g1:-:::::::*
cpe:2.3:h:hp:chromebook_11_g2:-:::::::*
cpe:2.3:h:hp:chromebook_11_g3:-:::::::*
cpe:2.3:h:hp:chromebook_11_g4\/g4_ee:-:::::::*
cpe:2.3:h:hp:chromebook_11_g5:-:::::::*
cpe:2.3:h:hp:chromebook_11_g5_ee:-:::::::*
cpe:2.3:h:hp:chromebook_13_g1:-:::::::*
cpe:2.3:h:hp:chromebook_14:-:::::::*
cpe:2.3:h:hp:chromebook_14_ak000-099:-:::::::*
cpe:2.3:h:hp:chromebook_14_g3:-:::::::*
cpe:2.3:h:hp:chromebook_14_g4:-:::::::*
cpe:2.3:h:hp:chromebook_14_x000-x999:-:::::::*
cpe:2.3:h:hp:chromebox_cb1-\(000-099\):-:::::::*
cpe:2.3:h:hp:chromebox_g1:-:::::::*
cpe:2.3:h:lenovo:100s_chromebook:-:::::::*
cpe:2.3:h:lenovo:n20_chromebook:-:::::::*
cpe:2.3:h:lenovo:n21_chromebook:-:::::::*
cpe:2.3:h:lenovo:n22_chromebook:-:::::::*
cpe:2.3:h:lenovo:n23_chromebook:-:::::::*
cpe:2.3:h:lenovo:n23_flex_11_chromebook:-:::::::*
cpe:2.3:h:lenovo:n23_yoga_11_chromebook:-:::::::*
cpe:2.3:h:lenovo:n42_chromebook:-:::::::*
cpe:2.3:h:lenovo:thinkcentre_chromebox:-:::::::*
cpe:2.3:h:lenovo:thinkpad_11e_chromebook:-:::::::*
cpe:2.3:h:lenovo:thinkpad_13_chromebook:-:::::::*
cpe:2.3:h:lg:chromebase_22cb25s:-:::::::*
cpe:2.3:h:lg:chromebase_22cv241:-:::::::*
cpe:2.3:h:medion:akoya_s2013:-:::::::*
cpe:2.3:h:medion:chromebook_s2015:-:::::::*
cpe:2.3:h:mercer:chromebook:-:::::::*
cpe:2.3:h:mercer:v2_chromebook:-:::::::*
cpe:2.3:h:ncomputing:chromebook_cx100:-:::::::*
cpe:2.3:h:nexian:chromebook:-:::::::*
cpe:2.3:h:pcmerge:chromebook_pcm-116t-432b:-:::::::*
cpe:2.3:h:poin2:chromebook_11:-:::::::*
cpe:2.3:h:poin2:chromebook_14:-:::::::*
cpe:2.3:h:positivo:chromebook_ch1190:-:::::::*
cpe:2.3:h:prowise:entry_line_chromebook:-:::::::*
cpe:2.3:h:prowise:proline_chromebook:-:::::::*
cpe:2.3:h:rgs:education_chromebook:-:::::::*
cpe:2.3:h:samsung:chromebook_2_11:-:::::::*
cpe:2.3:h:samsung:chromebook_2_11_xe500c12:-:::::::*
cpe:2.3:h:samsung:chromebook_2_13:-:::::::*
cpe:2.3:h:samsung:chromebook_3:-:::::::*
cpe:2.3:h:samsung:chromebook_plus:-:::::::*
cpe:2.3:h:samsung:chromebook_pro:-:::::::*
cpe:2.3:h:sector-five:e1_rugged_chromebook:-:::::::*
cpe:2.3:h:senkatel:c1101_chromebook:-:::::::*
cpe:2.3:h:toshiba:chromebook:-:::::::*
cpe:2.3:h:toshiba:chromebook_2:-:::::::*
cpe:2.3:h:toshiba:chromebook_2:-::2015:::::
cpe:2.3:h:true:idc_chromebook:-:::::::*
cpe:2.3:h:true:idc_chromebook_11:-:::::::*
cpe:2.3:h:videonet:chromebook:-:::::::*
cpe:2.3:h:videonet:chromebook_bl10:-:::::::*
cpe:2.3:h:viglen:chromebook_11:-:::::::*
cpe:2.3:h:viglen:chromebook_360:-:::::::*
cpe:2.3:h:xolo:chromebook:-:::::::*

Configuration 2 [-]

cpe:2.3:a:infineon:rsa_library:*:*:*:*:*:*:*:*

No data.

Project Subscriptions

Vendors	Products
Acer Subscribe	C720 Chromebook Subscribe Chromebase Subscribe Chromebase 24 Subscribe Chromebook 11 C730 Subscribe Chromebook 11 C730e Subscribe Chromebook 11 C735 Subscribe Chromebook 11 C740 Subscribe Chromebook 11 C771 Subscribe Chromebook 11 C771t Subscribe Chromebook 11 N7 C731 Subscribe Chromebook 13 Cb5-311 Subscribe Chromebook 14 Cb3-431 Subscribe Chromebook 14 For Work Cp5-471 Subscribe Chromebook 15 Cb3-531 Subscribe Chromebook 15 Cb3-532 Subscribe Chromebook 15 Cb5-571 Subscribe Chromebook R11 Subscribe Chromebook R13 Cb5-312t Subscribe Chromebox Subscribe Chromebox Cxi2 Subscribe
Aopen Subscribe	Chromebase Subscribe Chromebox Subscribe Chromeboxi Subscribe
Asi Subscribe	Chromebook Subscribe
Asus Subscribe	Chromebit Cs10 Subscribe Chromebook C200 Subscribe Chromebook C201pa Subscribe Chromebook C202sa Subscribe Chromebook C300 Subscribe Chromebook C300sa Subscribe Chromebook C301sa Subscribe Chromebook Flip C100pa Subscribe Chromebook Flip C302 Subscribe Chromebox Cn60 Subscribe Chromebox Cn62 Subscribe
Bobicus Subscribe	Chromebook 11 Subscribe
Ctl Subscribe	J2 Chromebook Subscribe J4 Chromebook Subscribe J5 Chromebook Subscribe N6 Chromebook Subscribe Nl61 Chromebook Subscribe
Dell Subscribe	Chromebook 11 Subscribe Chromebook 11 3120 Subscribe Chromebook 11 3189 Subscribe Chromebook 11 Model 3180 Subscribe Chromebook 13 3380 Subscribe Chromebox Subscribe
Edugear Subscribe	Chromebook K Subscribe Chromebook M Subscribe Chromebook R Subscribe Cmt Chromebook Subscribe
Edxis Subscribe	Chromebook Subscribe Education Chromebook Subscribe
Epik Subscribe	Chromebook Elb1101 Subscribe
Google Subscribe	Pixel Subscribe
Haier Subscribe	Chromebook 11 Subscribe Chromebook 11 C Subscribe Chromebook 11 G2 Subscribe Chromebook 11e Subscribe
Hexa Subscribe	Chromebook Pi Subscribe
Hisense Subscribe	Chromebook 11 Subscribe
Hp Subscribe	Chromebook Subscribe Chromebook 11-vxxx Subscribe Chromebook 11 1100-1199 Subscribe Chromebook 11 2000-2099 Subscribe Chromebook 11 2100-2199 Subscribe Chromebook 11 2200-2299 Subscribe Chromebook 11 G1 Subscribe Chromebook 11 G2 Subscribe Chromebook 11 G3 Subscribe Chromebook 11 G4\/g4 Ee Subscribe Chromebook 11 G5 Subscribe Chromebook 11 G5 Ee Subscribe Chromebook 13 G1 Subscribe Chromebook 14 Subscribe Chromebook 14 Ak000-099 Subscribe Chromebook 14 G3 Subscribe Chromebook 14 G4 Subscribe Chromebook 14 X000-x999 Subscribe Chromebox Cb1-\(000-099\) Subscribe Chromebox G1 Subscribe
Infineon Subscribe	Rsa Library Subscribe Trusted Platform Firmware Subscribe
Lenovo Subscribe	100s Chromebook Subscribe N20 Chromebook Subscribe N21 Chromebook Subscribe N22 Chromebook Subscribe N23 Chromebook Subscribe N23 Flex 11 Chromebook Subscribe N23 Yoga 11 Chromebook Subscribe N42 Chromebook Subscribe Thinkcentre Chromebox Subscribe Thinkpad 11e Chromebook Subscribe Thinkpad 13 Chromebook Subscribe
Lg Subscribe	Chromebase 22cb25s Subscribe Chromebase 22cv241 Subscribe
Medion Subscribe	Akoya S2013 Subscribe Chromebook S2015 Subscribe
Mercer Subscribe	Chromebook Subscribe V2 Chromebook Subscribe
Ncomputing Subscribe	Chromebook Cx100 Subscribe
Nexian Subscribe	Chromebook Subscribe
Pcmerge Subscribe	Chromebook Pcm-116t-432b Subscribe
Poin2 Subscribe	Chromebook 11 Subscribe Chromebook 14 Subscribe
Positivo Subscribe	Chromebook Ch1190 Subscribe
Prowise Subscribe	Entry Line Chromebook Subscribe Proline Chromebook Subscribe
Rgs Subscribe	Education Chromebook Subscribe
Samsung Subscribe	Chromebook 2 11 Subscribe Chromebook 2 11 Xe500c12 Subscribe Chromebook 2 13 Subscribe Chromebook 3 Subscribe Chromebook Plus Subscribe Chromebook Pro Subscribe
Sector-five Subscribe	E1 Rugged Chromebook Subscribe
Senkatel Subscribe	C1101 Chromebook Subscribe
Toshiba Subscribe	Chromebook Subscribe Chromebook 2 Subscribe
True Subscribe	Idc Chromebook Subscribe Idc Chromebook 11 Subscribe
Videonet Subscribe	Chromebook Subscribe Chromebook Bl10 Subscribe
Viglen Subscribe	Chromebook 11 Subscribe Chromebook 360 Subscribe
Xolo Subscribe	Chromebook Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://support.lenovo.com/us/en/product_security/LEN-15552
http://www.securityfocus.com/bid/101484
https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/
https://blog.cr.yp.to/20171105-infineon.html
https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf
https://crocs.fi.muni.cz/public/papers/rsa_ccs17
https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/
https://github.com/crocs-muni/roca
https://github.com/iadgov/Detect-CVE-2017-15361-TPM
https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01
https://keychest.net/roca
https://monitor.certipath.com/rsatest
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012
https://security.netapp.com/advisory/ntap-20171024-0001/
https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03789en_us
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03801en_us
https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html
https://www.kb.cert.org/vuls/id/307015
https://www.yubico.com/support/security-advisories/ysa-2017-01/

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-10-16T17:00:00.000Z

Updated: 2024-08-05T19:57:25.602Z

Reserved: 2017-10-15T00:00:00.000Z

Link: CVE-2017-15361

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2017-10-16T17:29:00.243

Modified: 2025-04-20T01:37:25.860

Link: CVE-2017-15361

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

NVD-CWE-noinfo

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Project Subscriptions

Projects

JSON object

JSON object

JSON object

JSON object

JSON object