CVE-2017-15361 - Vulnerability Details

Description

The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.

Published: 2017-10-16

Score: 5.9 Medium

EPSS: 73.4% High

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

AND

OR	cpe:2.3:o:infineon:trusted_platform_firmware:4.31:::::::*
	cpe:2.3:o:infineon:trusted_platform_firmware:4.32:::::::*
	cpe:2.3:o:infineon:trusted_platform_firmware:6.40:::::::*
	cpe:2.3:o:infineon:trusted_platform_firmware:133.32:::::::*

OR	cpe:2.3:h:acer:c720_chromebook:-:::::::*
	cpe:2.3:h:acer:chromebase:-:::::::*
	cpe:2.3:h:acer:chromebase_24:-:::::::*
	cpe:2.3:h:acer:chromebook_11_c730:-:::::::*
	cpe:2.3:h:acer:chromebook_11_c730e:-:::::::*
	cpe:2.3:h:acer:chromebook_11_c735:-:::::::*
	cpe:2.3:h:acer:chromebook_11_c740:-:::::::*
	cpe:2.3:h:acer:chromebook_11_c771:-:::::::*
	cpe:2.3:h:acer:chromebook_11_c771t:-:::::::*
	cpe:2.3:h:acer:chromebook_11_n7_c731:-:::::::*
	cpe:2.3:h:acer:chromebook_13_cb5-311:-:::::::*
	cpe:2.3:h:acer:chromebook_14_cb3-431:-:::::::*
	cpe:2.3:h:acer:chromebook_14_for_work_cp5-471:-:::::::*
	cpe:2.3:h:acer:chromebook_15_cb3-531:-:::::::*
	cpe:2.3:h:acer:chromebook_15_cb3-532:-:::::::*
	cpe:2.3:h:acer:chromebook_15_cb5-571:-:::::::*
	cpe:2.3:h:acer:chromebook_r11:-:::::::*
	cpe:2.3:h:acer:chromebook_r13_cb5-312t:-:::::::*
	cpe:2.3:h:acer:chromebox:-:::::::*
	cpe:2.3:h:acer:chromebox_cxi2:-:::::::*
	cpe:2.3:h:aopen:chromebase:-::commercial:::::
	cpe:2.3:h:aopen:chromebase:-::mini:::::
	cpe:2.3:h:aopen:chromebox:-::commercial:::::
	cpe:2.3:h:aopen:chromeboxi:-::mini:::::
	cpe:2.3:h:asi:chromebook:-:::::::*
	cpe:2.3:h:asus:chromebit_cs10:-:::::::*
	cpe:2.3:h:asus:chromebook_c200:-:::::::*
	cpe:2.3:h:asus:chromebook_c201pa:-:::::::*
	cpe:2.3:h:asus:chromebook_c202sa:-:::::::*
	cpe:2.3:h:asus:chromebook_c300:-:::::::*
	cpe:2.3:h:asus:chromebook_c300sa:-:::::::*
	cpe:2.3:h:asus:chromebook_c301sa:-:::::::*
	cpe:2.3:h:asus:chromebook_flip_c100pa:-:::::::*
	cpe:2.3:h:asus:chromebook_flip_c302:-:::::::*
	cpe:2.3:h:asus:chromebox_cn60:-:::::::*
	cpe:2.3:h:asus:chromebox_cn62:-:::::::*
	cpe:2.3:h:bobicus:chromebook_11::::::::
	cpe:2.3:h:ctl:j2_chromebook:-:::::education::
	cpe:2.3:h:ctl:j4_chromebook:-:::::education::
	cpe:2.3:h:ctl:j5_chromebook:-:::::::*
	cpe:2.3:h:ctl:n6_chromebook:-:::::education::
	cpe:2.3:h:ctl:nl61_chromebook:-:::::::*
	cpe:2.3:h:dell:chromebook_11:-:::::::*
	cpe:2.3:h:dell:chromebook_11_3120:-:::::::*
	cpe:2.3:h:dell:chromebook_11_3189:-:::::::*
	cpe:2.3:h:dell:chromebook_11_model_3180:-:::::::*
	cpe:2.3:h:dell:chromebook_13_3380:-:::::::*
	cpe:2.3:h:dell:chromebox:-:::::::*
	cpe:2.3:h:edugear:chromebook_k:-:::::::*
	cpe:2.3:h:edugear:chromebook_m:-:::::::*
	cpe:2.3:h:edugear:chromebook_r:-:::::::*
	cpe:2.3:h:edugear:cmt_chromebook:-:::::::*
	cpe:2.3:h:edxis:chromebook:-:::::::*
	cpe:2.3:h:edxis:education_chromebook:-:::::::*
	cpe:2.3:h:epik:chromebook_elb1101:-:::::::*
	cpe:2.3:h:google:pixel:-:::::::*
	cpe:2.3:h:haier:chromebook_11:-:::::::*
	cpe:2.3:h:haier:chromebook_11_c:-:::::::*
	cpe:2.3:h:haier:chromebook_11_g2:-:::::::*
	cpe:2.3:h:haier:chromebook_11e:-:::::::*
	cpe:2.3:h:hexa:chromebook_pi:-:::::::*
	cpe:2.3:h:hisense:chromebook_11:-:::::::*
	cpe:2.3:h:hp:chromebook:-:::::meetings::
	cpe:2.3:h:hp:chromebook_11-vxxx:-:::::::*
cpe:2.3:h:hp:chromebook_11_1100-1199:-:::::::*
cpe:2.3:h:hp:chromebook_11_2000-2099:-:::::::*
cpe:2.3:h:hp:chromebook_11_2100-2199:-:::::::*
cpe:2.3:h:hp:chromebook_11_2200-2299:-:::::::*
cpe:2.3:h:hp:chromebook_11_g1:-:::::::*
cpe:2.3:h:hp:chromebook_11_g2:-:::::::*
cpe:2.3:h:hp:chromebook_11_g3:-:::::::*
cpe:2.3:h:hp:chromebook_11_g4\/g4_ee:-:::::::*
cpe:2.3:h:hp:chromebook_11_g5:-:::::::*
cpe:2.3:h:hp:chromebook_11_g5_ee:-:::::::*
cpe:2.3:h:hp:chromebook_13_g1:-:::::::*
cpe:2.3:h:hp:chromebook_14:-:::::::*
cpe:2.3:h:hp:chromebook_14_ak000-099:-:::::::*
cpe:2.3:h:hp:chromebook_14_g3:-:::::::*
cpe:2.3:h:hp:chromebook_14_g4:-:::::::*
cpe:2.3:h:hp:chromebook_14_x000-x999:-:::::::*
cpe:2.3:h:hp:chromebox_cb1-\(000-099\):-:::::::*
cpe:2.3:h:hp:chromebox_g1:-:::::::*
cpe:2.3:h:lenovo:100s_chromebook:-:::::::*
cpe:2.3:h:lenovo:n20_chromebook:-:::::::*
cpe:2.3:h:lenovo:n21_chromebook:-:::::::*
cpe:2.3:h:lenovo:n22_chromebook:-:::::::*
cpe:2.3:h:lenovo:n23_chromebook:-:::::::*
cpe:2.3:h:lenovo:n23_flex_11_chromebook:-:::::::*
cpe:2.3:h:lenovo:n23_yoga_11_chromebook:-:::::::*
cpe:2.3:h:lenovo:n42_chromebook:-:::::::*
cpe:2.3:h:lenovo:thinkcentre_chromebox:-:::::::*
cpe:2.3:h:lenovo:thinkpad_11e_chromebook:-:::::::*
cpe:2.3:h:lenovo:thinkpad_13_chromebook:-:::::::*
cpe:2.3:h:lg:chromebase_22cb25s:-:::::::*
cpe:2.3:h:lg:chromebase_22cv241:-:::::::*
cpe:2.3:h:medion:akoya_s2013:-:::::::*
cpe:2.3:h:medion:chromebook_s2015:-:::::::*
cpe:2.3:h:mercer:chromebook:-:::::::*
cpe:2.3:h:mercer:v2_chromebook:-:::::::*
cpe:2.3:h:ncomputing:chromebook_cx100:-:::::::*
cpe:2.3:h:nexian:chromebook:-:::::::*
cpe:2.3:h:pcmerge:chromebook_pcm-116t-432b:-:::::::*
cpe:2.3:h:poin2:chromebook_11:-:::::::*
cpe:2.3:h:poin2:chromebook_14:-:::::::*
cpe:2.3:h:positivo:chromebook_ch1190:-:::::::*
cpe:2.3:h:prowise:entry_line_chromebook:-:::::::*
cpe:2.3:h:prowise:proline_chromebook:-:::::::*
cpe:2.3:h:rgs:education_chromebook:-:::::::*
cpe:2.3:h:samsung:chromebook_2_11:-:::::::*
cpe:2.3:h:samsung:chromebook_2_11_xe500c12:-:::::::*
cpe:2.3:h:samsung:chromebook_2_13:-:::::::*
cpe:2.3:h:samsung:chromebook_3:-:::::::*
cpe:2.3:h:samsung:chromebook_plus:-:::::::*
cpe:2.3:h:samsung:chromebook_pro:-:::::::*
cpe:2.3:h:sector-five:e1_rugged_chromebook:-:::::::*
cpe:2.3:h:senkatel:c1101_chromebook:-:::::::*
cpe:2.3:h:toshiba:chromebook:-:::::::*
cpe:2.3:h:toshiba:chromebook_2:-:::::::*
cpe:2.3:h:toshiba:chromebook_2:-::2015:::::
cpe:2.3:h:true:idc_chromebook:-:::::::*
cpe:2.3:h:true:idc_chromebook_11:-:::::::*
cpe:2.3:h:videonet:chromebook:-:::::::*
cpe:2.3:h:videonet:chromebook_bl10:-:::::::*
cpe:2.3:h:viglen:chromebook_11:-:::::::*
cpe:2.3:h:viglen:chromebook_360:-:::::::*
cpe:2.3:h:xolo:chromebook:-:::::::*

Configuration 2 [-]

cpe:2.3:a:infineon:rsa_library:*:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.73437.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://support.lenovo.com/us/en/product_security/LEN-15552
http://www.securityfocus.com/bid/101484
https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/
https://blog.cr.yp.to/20171105-infineon.html
https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf
https://crocs.fi.muni.cz/public/papers/rsa_ccs17
https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/
https://github.com/crocs-muni/roca
https://github.com/iadgov/Detect-CVE-2017-15361-TPM
https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01
https://keychest.net/roca
https://monitor.certipath.com/rsatest
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012
https://security.netapp.com/advisory/ntap-20171024-0001/
https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03789en_us
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03801en_us
https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html
https://www.kb.cert.org/vuls/id/307015
https://www.yubico.com/support/security-advisories/ysa-2017-01/

History

No history.

Subscriptions

Acer C720 Chromebook Chromebase Chromebase 24 Chromebook 11 C730 Chromebook 11 C730e Chromebook 11 C735 Chromebook 11 C740 Chromebook 11 C771 Chromebook 11 C771t Chromebook 11 N7 C731 Chromebook 13 Cb5-311 Chromebook 14 Cb3-431 Chromebook 14 For Work Cp5-471 Chromebook 15 Cb3-531 Chromebook 15 Cb3-532 Chromebook 15 Cb5-571 Chromebook R11 Chromebook R13 Cb5-312t Chromebox Chromebox Cxi2

Aopen Chromebase Chromebox Chromeboxi

Asi Chromebook

Asus Chromebit Cs10 Chromebook C200 Chromebook C201pa Chromebook C202sa Chromebook C300 Chromebook C300sa Chromebook C301sa Chromebook Flip C100pa Chromebook Flip C302 Chromebox Cn60 Chromebox Cn62

Bobicus Chromebook 11

Ctl J2 Chromebook J4 Chromebook J5 Chromebook N6 Chromebook Nl61 Chromebook

Dell Chromebook 11 Chromebook 11 3120 Chromebook 11 3189 Chromebook 11 Model 3180 Chromebook 13 3380 Chromebox

Edugear Chromebook K Chromebook M Chromebook R Cmt Chromebook

Edxis Chromebook Education Chromebook

Epik Chromebook Elb1101

Google Pixel

Haier Chromebook 11 Chromebook 11 C Chromebook 11 G2 Chromebook 11e

Hexa Chromebook Pi

Hisense Chromebook 11

Hp Chromebook Chromebook 11-vxxx Chromebook 11 1100-1199 Chromebook 11 2000-2099 Chromebook 11 2100-2199 Chromebook 11 2200-2299 Chromebook 11 G1 Chromebook 11 G2 Chromebook 11 G3 Chromebook 11 G4\/g4 Ee Chromebook 11 G5 Chromebook 11 G5 Ee Chromebook 13 G1 Chromebook 14 Chromebook 14 Ak000-099 Chromebook 14 G3 Chromebook 14 G4 Chromebook 14 X000-x999 Chromebox Cb1-\(000-099\) Chromebox G1

Infineon Rsa Library Trusted Platform Firmware

Lenovo 100s Chromebook N20 Chromebook N21 Chromebook N22 Chromebook N23 Chromebook N23 Flex 11 Chromebook N23 Yoga 11 Chromebook N42 Chromebook Thinkcentre Chromebox Thinkpad 11e Chromebook Thinkpad 13 Chromebook

Lg Chromebase 22cb25s Chromebase 22cv241

Medion Akoya S2013 Chromebook S2015

Mercer Chromebook V2 Chromebook

Ncomputing Chromebook Cx100

Nexian Chromebook

Pcmerge Chromebook Pcm-116t-432b

Poin2 Chromebook 11 Chromebook 14

Positivo Chromebook Ch1190

Prowise Entry Line Chromebook Proline Chromebook

Rgs Education Chromebook

Samsung Chromebook 2 11 Chromebook 2 11 Xe500c12 Chromebook 2 13 Chromebook 3 Chromebook Plus Chromebook Pro

Sector-five E1 Rugged Chromebook

Senkatel C1101 Chromebook

Toshiba Chromebook Chromebook 2

True Idc Chromebook Idc Chromebook 11

Videonet Chromebook Chromebook Bl10

Viglen Chromebook 11 Chromebook 360

Xolo Chromebook

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-10-16T17:00:00.000Z

Updated: 2024-08-05T19:57:25.602Z

Reserved: 2017-10-15T00:00:00.000Z

Link: CVE-2017-15361

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2017-10-16T17:29:00.243

Modified: 2025-04-20T01:37:25.860

Link: CVE-2017-15361

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

NVD-CWE-noinfo

Tracking

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object