CVE-2019-18671 - OpenCVE

Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability could allow code execution or other forms of impact. It can be triggered by unauthenticated attackers and the interface is reachable via WebUSB.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Keepkey	Keepkey Keepkey Firmware

Configuration 1 [-]

AND

cpe:2.3:o:keepkey:keepkey_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:keepkey:keepkey:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://blog.inhq.net/posts/keepkey-CVE-2019-18671/
https://github.com/keepkey/keepkey-firmware/commit/b222c66cdd7c3203d917c80ba615082d309d80c3
https://medium.com/shapeshift-stories/keepkey-release-notes-v-6f7d2ec78065
https://medium.com/shapeshift-stories/shapeshift-security-update-8ec89bb1b4e3

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-12-06T17:53:29

Updated: 2024-08-05T01:54:14.598Z

Reserved: 2019-11-02T00:00:00

Link: CVE-2019-18671

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-12-06T18:15:12.653

Modified: 2020-02-12T03:15:10.943

Link: CVE-2019-18671

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability could allow code execution or other forms of impact. It can be triggered by unauthenticated attackers and the interface is reachable via WebUSB."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-12T02:53:19", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://github.com/keepkey/keepkey-firmware/commit/b222c66cdd7c3203d917c80ba615082d309d80c3"}, {"tags": ["x_refsource_MISC"], "url": "https://medium.com/shapeshift-stories/keepkey-release-notes-v-6f7d2ec78065"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://medium.com/shapeshift-stories/shapeshift-security-update-8ec89bb1b4e3"}, {"tags": ["x_refsource_MISC"], "url": "https://blog.inhq.net/posts/keepkey-CVE-2019-18671/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-18671", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability could allow code execution or other forms of impact. It can be triggered by unauthenticated attackers and the interface is reachable via WebUSB."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/keepkey/keepkey-firmware/commit/b222c66cdd7c3203d917c80ba615082d309d80c3", "refsource": "MISC", "url": "https://github.com/keepkey/keepkey-firmware/commit/b222c66cdd7c3203d917c80ba615082d309d80c3"}, {"name": "https://medium.com/shapeshift-stories/keepkey-release-notes-v-6f7d2ec78065", "refsource": "MISC", "url": "https://medium.com/shapeshift-stories/keepkey-release-notes-v-6f7d2ec78065"}, {"name": "https://medium.com/shapeshift-stories/shapeshift-security-update-8ec89bb1b4e3", "refsource": "CONFIRM", "url": "https://medium.com/shapeshift-stories/shapeshift-security-update-8ec89bb1b4e3"}, {"name": "https://blog.inhq.net/posts/keepkey-CVE-2019-18671/", "refsource": "MISC", "url": "https://blog.inhq.net/posts/keepkey-CVE-2019-18671/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:54:14.598Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/keepkey/keepkey-firmware/commit/b222c66cdd7c3203d917c80ba615082d309d80c3"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://medium.com/shapeshift-stories/keepkey-release-notes-v-6f7d2ec78065"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://medium.com/shapeshift-stories/shapeshift-security-update-8ec89bb1b4e3"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://blog.inhq.net/posts/keepkey-CVE-2019-18671/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-18671", "datePublished": "2019-12-06T17:53:29", "dateReserved": "2019-11-02T00:00:00", "dateUpdated": "2024-08-05T01:54:14.598Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:keepkey:keepkey_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "60AB201E-BAD5-466A-8896-F17EDC53E75E", "versionEndExcluding": "6.2.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:keepkey:keepkey:-:*:*:*:*:*:*:*", "matchCriteriaId": "31C93828-4A0A-4B05-BFE3-9B795EAA0872", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability could allow code execution or other forms of impact. It can be triggered by unauthenticated attackers and the interface is reachable via WebUSB."}, {"lang": "es", "value": "Las comprobaciones insuficientes en el manejo de paquetes USB de la billetera de hardware ShapeShift KeepKey anteriores a firmware 6.2.2 permiten escrituras fuera de l\u00edmites en el segmento .bss a trav\u00e9s de mensajes especialmente dise\u00f1ados. La vulnerabilidad podr\u00eda permitir la ejecuci\u00f3n de c\u00f3digo u otras formas de impacto. Puede ser activado por atacantes no autenticados y se puede acceder a la interfaz a trav\u00e9s de WebUSB."}], "id": "CVE-2019-18671", "lastModified": "2020-02-12T03:15:10.943", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-12-06T18:15:12.653", "references": [{"source": "cve@mitre.org", "url": "https://blog.inhq.net/posts/keepkey-CVE-2019-18671/"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/keepkey/keepkey-firmware/commit/b222c66cdd7c3203d917c80ba615082d309d80c3"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://medium.com/shapeshift-stories/keepkey-release-notes-v-6f7d2ec78065"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://medium.com/shapeshift-stories/shapeshift-security-update-8ec89bb1b4e3"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}