CVE-2017-5681 - OpenCVE

The RSA-CRT implementation in the Intel QuickAssist Technology (QAT) Engine for OpenSSL versions prior to 0.5.19 may allow remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Intel	Quickassist Technology Engine

Configuration 1 [-]

cpe:2.3:a:intel:quickassist_technology_engine:0.5.18:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00071&languageid=en-fr

History

No history.

MITRE

Status: PUBLISHED

Assigner: intel

Published: 2017-03-07T18:00:00

Updated: 2024-08-05T15:11:48.289Z

Reserved: 2017-02-01T00:00:00

Link: CVE-2017-5681

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-03-07T18:59:00.170

Modified: 2019-10-03T00:03:26.223

Link: CVE-2017-5681

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Intel Quick Assist Technology", "vendor": "Intel", "versions": [{"status": "affected", "version": "Before v0.5.19"}]}], "datePublic": "2017-03-07T00:00:00", "descriptions": [{"lang": "en", "value": "The RSA-CRT implementation in the Intel QuickAssist Technology (QAT) Engine for OpenSSL versions prior to 0.5.19 may allow remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack."}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-03-07T17:57:01", "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "shortName": "intel"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00071&languageid=en-fr"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secure@intel.com", "ID": "CVE-2017-5681", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Intel Quick Assist Technology", "version": {"version_data": [{"version_value": "Before v0.5.19"}]}}]}, "vendor_name": "Intel"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The RSA-CRT implementation in the Intel QuickAssist Technology (QAT) Engine for OpenSSL versions prior to 0.5.19 may allow remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00071&languageid=en-fr", "refsource": "CONFIRM", "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00071&languageid=en-fr"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T15:11:48.289Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00071&languageid=en-fr"}]}]}, "cveMetadata": {"assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce", "assignerShortName": "intel", "cveId": "CVE-2017-5681", "datePublished": "2017-03-07T18:00:00", "dateReserved": "2017-02-01T00:00:00", "dateUpdated": "2024-08-05T15:11:48.289Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:intel:quickassist_technology_engine:0.5.18:*:*:*:*:*:*:*", "matchCriteriaId": "CC2B9E98-E03D-4940-AFA0-41A8303510B2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The RSA-CRT implementation in the Intel QuickAssist Technology (QAT) Engine for OpenSSL versions prior to 0.5.19 may allow remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack."}, {"lang": "es", "value": "La implementaci\u00f3n RSA-CRT en el motor Intel QuickAssist Technology (QAT) para OpenSSL versiones anteriores a 0.5.19 puede permitir a atacantes remotos obtener claves RSA privadas mediante la realizaci\u00f3n de un ataque de canal lateral Lenstra."}], "id": "CVE-2017-5681", "lastModified": "2019-10-03T00:03:26.223", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-03-07T18:59:00.170", "references": [{"source": "secure@intel.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00071&languageid=en-fr"}], "sourceIdentifier": "secure@intel.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}