QwikSec

Security Database

CVE

CWE

Training

CVE-2017-15361

Published: Oct 16, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160

x_refsource_MISC

https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/

x_refsource_MISC

https://blog.cr.yp.to/20171105-infineon.html

x_refsource_MISC

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03801en_us

x_refsource_CONFIRM

https://monitor.certipath.com/rsatest

x_refsource_MISC

https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01

x_refsource_MISC

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012

x_refsource_MISC

https://crocs.fi.muni.cz/public/papers/rsa_ccs17

x_refsource_MISC

https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/

x_refsource_MISC

http://support.lenovo.com/us/en/product_security/LEN-15552

x_refsource_CONFIRM

https://security.netapp.com/advisory/ntap-20171024-0001/

x_refsource_CONFIRM

https://github.com/iadgov/Detect-CVE-2017-15361-TPM

x_refsource_MISC

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html

x_refsource_CONFIRM

third-party-advisory

x_refsource_CERT-VN

https://github.com/crocs-muni/roca

x_refsource_MISC

https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update

x_refsource_MISC

https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf

x_refsource_CONFIRM

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03789en_us

x_refsource_CONFIRM

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html

x_refsource_CONFIRM

https://www.yubico.com/support/security-advisories/ysa-2017-01/

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

https://keychest.net/roca

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.