CVE-2017-15361 - OpenCVE

The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.

No CVSS v3.1

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Lenovo	N21 Chromebook Thinkpad 11e Chromebook N23 Flex 11 Chromebook N20 Chromebook N23 Chromebook N22 Chromebook Thinkpad 13 Chromebook N42 Chromebook 100s Chromebook Thinkcentre Chromebox N23 Yoga 11 Chromebook
Hp	Chromebook 11 2100-2199 Chromebook 11 G3 Chromebook 11-vxxx Chromebook 11 G5 Chromebook 11 1100-1199 Chromebook 11 G1 Chromebook 13 G1 Chromebook 11 2200-2299 Chromebook 14 Chromebook 11 G5 Ee Chromebox Cb1-\(000-099\) Chromebook 14 G3 Chromebook Chromebook 11 G4\/g4 Ee Chromebox G1 Chromebook 11 2000-2099 Chromebook 14 Ak000-099 Chromebook 11 G2 Chromebook 14 X000-x999 Chromebook 14 G4
Poin2	Chromebook 14 Chromebook 11
Samsung	Chromebook 2 13 Chromebook Plus Chromebook 3 Chromebook 2 11 Xe500c12 Chromebook Pro Chromebook 2 11
Infineon	Trusted Platform Firmware Rsa Library
Haier	Chromebook 11 C Chromebook 11 G2 Chromebook 11e Chromebook 11
Acer	C720 Chromebook Chromebook 13 Cb5-311 Chromebase 24 Chromebook 11 C771t Chromebook 15 Cb5-571 Chromebox Cxi2 Chromebook 15 Cb3-532 Chromebook R13 Cb5-312t Chromebook 11 N7 C731 Chromebook 14 Cb3-431 Chromebook 11 C735 Chromebook 11 C730 Chromebook R11 Chromebase Chromebook 11 C740 Chromebox Chromebook 11 C771 Chromebook 14 For Work Cp5-471 Chromebook 11 C730e Chromebook 15 Cb3-531
Dell	Chromebook 11 3120 Chromebook 11 Chromebook 13 3380 Chromebox Chromebook 11 3189 Chromebook 11 Model 3180
Toshiba	Chromebook 2 Chromebook
Mercer	V2 Chromebook Chromebook
Asus	Chromebook Flip C100pa Chromebook C300 Chromebook C301sa Chromebook C201pa Chromebox Cn62 Chromebook C202sa Chromebit Cs10 Chromebook C200 Chromebox Cn60 Chromebook Flip C302 Chromebook C300sa
Edugear	Chromebook K Chromebook M Cmt Chromebook Chromebook R
Videonet	Chromebook Chromebook Bl10
Prowise	Proline Chromebook Entry Line Chromebook
Ctl	Nl61 Chromebook J5 Chromebook J2 Chromebook J4 Chromebook N6 Chromebook
Google	Pixel
Viglen	Chromebook 360 Chromebook 11
Nexian	Chromebook
Bobicus	Chromebook 11
Edxis	Chromebook Education Chromebook
Rgs	Education Chromebook
True	Idc Chromebook Idc Chromebook 11
Senkatel	C1101 Chromebook
Lg	Chromebase 22cv241 Chromebase 22cb25s
Pcmerge	Chromebook Pcm-116t-432b
Hisense	Chromebook 11
Medion	Akoya S2013 Chromebook S2015
Aopen	Chromebase Chromeboxi Chromebox
Ncomputing	Chromebook Cx100
Epik	Chromebook Elb1101
Hexa	Chromebook Pi
Asi	Chromebook
Positivo	Chromebook Ch1190
Sector-five	E1 Rugged Chromebook
Xolo	Chromebook

Configuration 1 [-]

AND

OR	cpe:2.3:o:infineon:trusted_platform_firmware:4.31:::::::*
	cpe:2.3:o:infineon:trusted_platform_firmware:4.32:::::::*
	cpe:2.3:o:infineon:trusted_platform_firmware:6.40:::::::*
	cpe:2.3:o:infineon:trusted_platform_firmware:133.32:::::::*

OR	cpe:2.3:h:acer:c720_chromebook:-:::::::*
	cpe:2.3:h:acer:chromebase:-:::::::*
	cpe:2.3:h:acer:chromebase_24:-:::::::*
	cpe:2.3:h:acer:chromebook_11_c730:-:::::::*
	cpe:2.3:h:acer:chromebook_11_c730e:-:::::::*
	cpe:2.3:h:acer:chromebook_11_c735:-:::::::*
	cpe:2.3:h:acer:chromebook_11_c740:-:::::::*
	cpe:2.3:h:acer:chromebook_11_c771:-:::::::*
	cpe:2.3:h:acer:chromebook_11_c771t:-:::::::*
	cpe:2.3:h:acer:chromebook_11_n7_c731:-:::::::*
	cpe:2.3:h:acer:chromebook_13_cb5-311:-:::::::*
	cpe:2.3:h:acer:chromebook_14_cb3-431:-:::::::*
	cpe:2.3:h:acer:chromebook_14_for_work_cp5-471:-:::::::*
	cpe:2.3:h:acer:chromebook_15_cb3-531:-:::::::*
	cpe:2.3:h:acer:chromebook_15_cb3-532:-:::::::*
	cpe:2.3:h:acer:chromebook_15_cb5-571:-:::::::*
	cpe:2.3:h:acer:chromebook_r11:-:::::::*
	cpe:2.3:h:acer:chromebook_r13_cb5-312t:-:::::::*
	cpe:2.3:h:acer:chromebox:-:::::::*
	cpe:2.3:h:acer:chromebox_cxi2:-:::::::*
	cpe:2.3:h:aopen:chromebase:-::commercial:::::
	cpe:2.3:h:aopen:chromebase:-::mini:::::
	cpe:2.3:h:aopen:chromebox:-::commercial:::::
	cpe:2.3:h:aopen:chromeboxi:-::mini:::::
	cpe:2.3:h:asi:chromebook:-:::::::*
	cpe:2.3:h:asus:chromebit_cs10:-:::::::*
	cpe:2.3:h:asus:chromebook_c200:-:::::::*
	cpe:2.3:h:asus:chromebook_c201pa:-:::::::*
	cpe:2.3:h:asus:chromebook_c202sa:-:::::::*
	cpe:2.3:h:asus:chromebook_c300:-:::::::*
	cpe:2.3:h:asus:chromebook_c300sa:-:::::::*
	cpe:2.3:h:asus:chromebook_c301sa:-:::::::*
	cpe:2.3:h:asus:chromebook_flip_c100pa:-:::::::*
	cpe:2.3:h:asus:chromebook_flip_c302:-:::::::*
	cpe:2.3:h:asus:chromebox_cn60:-:::::::*
	cpe:2.3:h:asus:chromebox_cn62:-:::::::*
	cpe:2.3:h:bobicus:chromebook_11::::::::
	cpe:2.3:h:ctl:j2_chromebook:-:::::education::
	cpe:2.3:h:ctl:j4_chromebook:-:::::education::
	cpe:2.3:h:ctl:j5_chromebook:-:::::::*
	cpe:2.3:h:ctl:n6_chromebook:-:::::education::
	cpe:2.3:h:ctl:nl61_chromebook:-:::::::*
	cpe:2.3:h:dell:chromebook_11:-:::::::*
	cpe:2.3:h:dell:chromebook_11_3120:-:::::::*
	cpe:2.3:h:dell:chromebook_11_3189:-:::::::*
	cpe:2.3:h:dell:chromebook_11_model_3180:-:::::::*
	cpe:2.3:h:dell:chromebook_13_3380:-:::::::*
	cpe:2.3:h:dell:chromebox:-:::::::*
	cpe:2.3:h:edugear:chromebook_k:-:::::::*
	cpe:2.3:h:edugear:chromebook_m:-:::::::*
	cpe:2.3:h:edugear:chromebook_r:-:::::::*
	cpe:2.3:h:edugear:cmt_chromebook:-:::::::*
	cpe:2.3:h:edxis:chromebook:-:::::::*
	cpe:2.3:h:edxis:education_chromebook:-:::::::*
	cpe:2.3:h:epik:chromebook_elb1101:-:::::::*
	cpe:2.3:h:google:pixel:-:::::::*
	cpe:2.3:h:haier:chromebook_11:-:::::::*
	cpe:2.3:h:haier:chromebook_11_c:-:::::::*
	cpe:2.3:h:haier:chromebook_11_g2:-:::::::*
	cpe:2.3:h:haier:chromebook_11e:-:::::::*
	cpe:2.3:h:hexa:chromebook_pi:-:::::::*
	cpe:2.3:h:hisense:chromebook_11:-:::::::*
	cpe:2.3:h:hp:chromebook:-:::::meetings::
	cpe:2.3:h:hp:chromebook_11-vxxx:-:::::::*
cpe:2.3:h:hp:chromebook_11_1100-1199:-:::::::*
cpe:2.3:h:hp:chromebook_11_2000-2099:-:::::::*
cpe:2.3:h:hp:chromebook_11_2100-2199:-:::::::*
cpe:2.3:h:hp:chromebook_11_2200-2299:-:::::::*
cpe:2.3:h:hp:chromebook_11_g1:-:::::::*
cpe:2.3:h:hp:chromebook_11_g2:-:::::::*
cpe:2.3:h:hp:chromebook_11_g3:-:::::::*
cpe:2.3:h:hp:chromebook_11_g4\/g4_ee:-:::::::*
cpe:2.3:h:hp:chromebook_11_g5:-:::::::*
cpe:2.3:h:hp:chromebook_11_g5_ee:-:::::::*
cpe:2.3:h:hp:chromebook_13_g1:-:::::::*
cpe:2.3:h:hp:chromebook_14:-:::::::*
cpe:2.3:h:hp:chromebook_14_ak000-099:-:::::::*
cpe:2.3:h:hp:chromebook_14_g3:-:::::::*
cpe:2.3:h:hp:chromebook_14_g4:-:::::::*
cpe:2.3:h:hp:chromebook_14_x000-x999:-:::::::*
cpe:2.3:h:hp:chromebox_cb1-\(000-099\):-:::::::*
cpe:2.3:h:hp:chromebox_g1:-:::::::*
cpe:2.3:h:lenovo:100s_chromebook:-:::::::*
cpe:2.3:h:lenovo:n20_chromebook:-:::::::*
cpe:2.3:h:lenovo:n21_chromebook:-:::::::*
cpe:2.3:h:lenovo:n22_chromebook:-:::::::*
cpe:2.3:h:lenovo:n23_chromebook:-:::::::*
cpe:2.3:h:lenovo:n23_flex_11_chromebook:-:::::::*
cpe:2.3:h:lenovo:n23_yoga_11_chromebook:-:::::::*
cpe:2.3:h:lenovo:n42_chromebook:-:::::::*
cpe:2.3:h:lenovo:thinkcentre_chromebox:-:::::::*
cpe:2.3:h:lenovo:thinkpad_11e_chromebook:-:::::::*
cpe:2.3:h:lenovo:thinkpad_13_chromebook:-:::::::*
cpe:2.3:h:lg:chromebase_22cb25s:-:::::::*
cpe:2.3:h:lg:chromebase_22cv241:-:::::::*
cpe:2.3:h:medion:akoya_s2013:-:::::::*
cpe:2.3:h:medion:chromebook_s2015:-:::::::*
cpe:2.3:h:mercer:chromebook:-:::::::*
cpe:2.3:h:mercer:v2_chromebook:-:::::::*
cpe:2.3:h:ncomputing:chromebook_cx100:-:::::::*
cpe:2.3:h:nexian:chromebook:-:::::::*
cpe:2.3:h:pcmerge:chromebook_pcm-116t-432b:-:::::::*
cpe:2.3:h:poin2:chromebook_11:-:::::::*
cpe:2.3:h:poin2:chromebook_14:-:::::::*
cpe:2.3:h:positivo:chromebook_ch1190:-:::::::*
cpe:2.3:h:prowise:entry_line_chromebook:-:::::::*
cpe:2.3:h:prowise:proline_chromebook:-:::::::*
cpe:2.3:h:rgs:education_chromebook:-:::::::*
cpe:2.3:h:samsung:chromebook_2_11:-:::::::*
cpe:2.3:h:samsung:chromebook_2_11_xe500c12:-:::::::*
cpe:2.3:h:samsung:chromebook_2_13:-:::::::*
cpe:2.3:h:samsung:chromebook_3:-:::::::*
cpe:2.3:h:samsung:chromebook_plus:-:::::::*
cpe:2.3:h:samsung:chromebook_pro:-:::::::*
cpe:2.3:h:sector-five:e1_rugged_chromebook:-:::::::*
cpe:2.3:h:senkatel:c1101_chromebook:-:::::::*
cpe:2.3:h:toshiba:chromebook:-:::::::*
cpe:2.3:h:toshiba:chromebook_2:-:::::::*
cpe:2.3:h:toshiba:chromebook_2:-::2015:::::
cpe:2.3:h:true:idc_chromebook:-:::::::*
cpe:2.3:h:true:idc_chromebook_11:-:::::::*
cpe:2.3:h:videonet:chromebook:-:::::::*
cpe:2.3:h:videonet:chromebook_bl10:-:::::::*
cpe:2.3:h:viglen:chromebook_11:-:::::::*
cpe:2.3:h:viglen:chromebook_360:-:::::::*
cpe:2.3:h:xolo:chromebook:-:::::::*

Configuration 2 [-]

cpe:2.3:a:infineon:rsa_library:*:*:*:*:*:*:*:*

References

Link	Resource
http://support.lenovo.com/us/en/product_security/LEN-15552	Mitigation Third Party Advisory
http://www.securityfocus.com/bid/101484	Third Party Advisory VDB Entry
https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/	Issue Tracking Third Party Advisory
https://blog.cr.yp.to/20171105-infineon.html
https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf
https://crocs.fi.muni.cz/public/papers/rsa_ccs17	Issue Tracking Mitigation Third Party Advisory
https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/	Issue Tracking Third Party Advisory
https://github.com/crocs-muni/roca	Mitigation Third Party Advisory
https://github.com/iadgov/Detect-CVE-2017-15361-TPM	Mitigation Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01
https://keychest.net/roca	Issue Tracking Mitigation Third Party Advisory
https://monitor.certipath.com/rsatest	Mitigation Third Party Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012	Issue Tracking Patch Third Party Advisory
https://security.netapp.com/advisory/ntap-20171024-0001/
https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update	Issue Tracking Mitigation Patch Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03789en_us
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03801en_us
https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160	Mitigation Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html
https://www.kb.cert.org/vuls/id/307015	Issue Tracking Mitigation US Government Resource Third Party Advisory
https://www.yubico.com/support/security-advisories/ysa-2017-01/	Mitigation Third Party Advisory