The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack."
References
| Link | Resource |
|---|---|
| http://www.securityfocus.com/bid/92179 | Third Party Advisory VDB Entry |
| https://github.com/BastilleResearch/keyjack/blob/master/doc/advisories/bastille-13.lenovo-ultraslim.public.txt | Third Party Advisory |
| https://support.lenovo.com/product_security/len_7267 | Vendor Advisory |
| https://www.bastille.net/research/vulnerabilities/keyjack | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2016-08-02T14:00:00
Updated: 2016-08-10T15:57:01
Reserved: 2016-07-20T00:00:00
Link: CVE-2016-6257
NVD Information
Status: Analyzed
Published: 2016-08-02T14:59:04.490
Modified: 2021-04-22T21:21:17.033
Link: CVE-2016-6257
Redhat Information
No data.
CWE