CVE-2021-3406 - OpenCVE

A flaw was found in keylime 5.8.1 and older. The issue in the Keylime agent and registrar code invalidates the cryptographic chain of trust from the Endorsement Key certificate to agent attestations.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Keylime	Keylime
Fedoraproject	Fedora

Configuration 1 [-]

cpe:2.3:a:keylime:keylime:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1932469	Issue Tracking Third Party Advisory
https://github.com/keylime/keylime/security/advisories/GHSA-78f8-6c68-375m	Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YAWKEF2LVXUME266T6RNRVBGAD375QAT/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2021-02-25T19:15:57

Updated: 2021-03-19T21:06:16

Reserved: 2021-02-09T00:00:00

Link: CVE-2021-3406

JSON object: View

NVD Information

Status : Modified

Published: 2021-02-25T20:15:11.707

Modified: 2023-11-07T03:37:59.147

Link: CVE-2021-3406

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "keylime", "vendor": "n/a", "versions": [{"status": "affected", "version": "5.8.1 and older"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in keylime 5.8.1 and older. The issue in the Keylime agent and registrar code invalidates the cryptographic chain of trust from the Endorsement Key certificate to agent attestations."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-347", "description": "CWE-347", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-03-19T21:06:16", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932469"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/keylime/keylime/security/advisories/GHSA-78f8-6c68-375m"}, {"name": "FEDORA-2021-b7854ccfe4", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YAWKEF2LVXUME266T6RNRVBGAD375QAT/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2021-3406", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "keylime", "version": {"version_data": [{"version_value": "5.8.1 and older"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was found in keylime 5.8.1 and older. The issue in the Keylime agent and registrar code invalidates the cryptographic chain of trust from the Endorsement Key certificate to agent attestations."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-347"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1932469", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932469"}, {"name": "https://github.com/keylime/keylime/security/advisories/GHSA-78f8-6c68-375m", "refsource": "MISC", "url": "https://github.com/keylime/keylime/security/advisories/GHSA-78f8-6c68-375m"}, {"name": "FEDORA-2021-b7854ccfe4", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAWKEF2LVXUME266T6RNRVBGAD375QAT/"}]}}}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2021-3406", "datePublished": "2021-02-25T19:15:57", "dateReserved": "2021-02-09T00:00:00", "dateUpdated": "2021-03-19T21:06:16", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:keylime:keylime:*:*:*:*:*:*:*:*", "matchCriteriaId": "893BA97F-D9D8-4E80-BB65-11BE070C79E1", "versionEndIncluding": "5.8.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in keylime 5.8.1 and older. The issue in the Keylime agent and registrar code invalidates the cryptographic chain of trust from the Endorsement Key certificate to agent attestations."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en keylime versiones 5.8.1 y anteriores. El problema en el agente de Keylime y el c\u00f3digo registrar invalida la cadena criptogr\u00e1fica confiable desde el certificado Endorsement Key hasta las atestaciones del agente"}], "id": "CVE-2021-3406", "lastModified": "2023-11-07T03:37:59.147", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-02-25T20:15:11.707", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1932469"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://github.com/keylime/keylime/security/advisories/GHSA-78f8-6c68-375m"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YAWKEF2LVXUME266T6RNRVBGAD375QAT/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-347"}], "source": "secalert@redhat.com", "type": "Secondary"}]}