History: Aug 07, 2017 - 8:29 a.m.

CVE-2017-7932

2017-08-07 08:29:00
CWE-295
web.nvd.nist.gov
Tags: nxp, i.mx, certificate validation, vulnerability, cve-2017-7932, security issue, signature bypass, unsigned image, nvd

CVSS2: 4.4 Medium
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

CVSS3: 6 Medium
Attack Vector: PHYSICAL
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H

AI Score: 6 Medium
Confidence: High

EPSS: 0.001 Low
Percentile: 46.6%

An improper certificate validation issue was discovered in NXP i.MX 28, i.MX 50, i.MX 53, i.MX 7Solo, i.MX 7Dual, Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, and i.MX 6QuadPlus. When the device is configured in a security-enabled configuration, under certain conditions it is possible to bypass signature verification by using a specially crafted certificate, leading to the execution of an unsigned image.

Affected configurations

NVD

Node: nxp vybrid_mvf30nn151cku26_firmware (Match: -) AND nxp vybrid_mvf30nn151cku26 (Match: -)
Node: nxp vybrid_mvf30ns151cku26_firmware (Match: -) AND nxp vybrid_mvf30ns151cku26 (Match: -)
Node: nxp vybrid_mvf50nn151cmk40_firmware (Match: -) AND nxp vybrid_mvf50nn151cmk40 (Match: -)
Node: nxp vybrid_mvf50nn151cmk50_firmware (Match: -) AND nxp vybrid_mvf50nn151cmk50 (Match: -)
Node: nxp vybrid_mvf50ns151cmk40_firmware (Match: -) AND nxp vybrid_mvf50ns151cmk40 (Match: -)
Node: nxp vybrid_mvf50ns151cmk50_firmware (Match: -) AND nxp vybrid_mvf50ns151cmk50 (Match: -)
Node: nxp vybrid_mvf51nn151cmk50_firmware (Match: -) AND nxp vybrid_mvf51nn151cmk50 (Match: -)
Node: nxp vybrid_mvf51ns151cmk50_firmware (Match: -) AND nxp vybrid_mvf51ns151cmk50 (Match: -)
Node: nxp vybrid_mvf60nn151cmk40_firmware (Match: -) AND nxp vybrid_mvf60nn151cmk40 (Match: -)
Node: nxp vybrid_mvf60ns151cmk40_firmware (Match: -) AND nxp vybrid_mvf60ns151cmk40 (Match: -)
Node: nxp vybrid_mvf60nn151cmk50_firmware (Match: -) AND nxp vybrid_mvf60nn151cmk50 (Match: -)
Node: nxp vybrid_mvf60ns151cmk50_firmware (Match: -) AND nxp vybrid_mvf60ns151cmk50 (Match: -)
Node: nxp vybrid_mvf61nn151cmk50_firmware (Match: -) AND nxp vybrid_mvf61nn151cmk50 (Match: -)
Node: nxp vybrid_mvf61ns151cmk50_firmware (Match: -) AND nxp vybrid_mvf61ns151cmk50 (Match: -)
Node: nxp vybrid_mvf62nn151cmk40_firmware (Match: -) AND nxp vybrid_mvf62nn151cmk40 (Match: -)
Node: nxp i.mx_50_firmware (Match: -) AND nxp i.mx_50 (Match: -)
Node: nxp i.mx_53_firmware (Match: -) AND nxp i.mx_53 (Match: -)
Node: nxp i.mx_6ull_firmware (Match: -) AND nxp i.mx_6ull (Match: -)
Node: nxp i.mx_6ultralite_firmware (Match: -) AND nxp i.mx_6ultralite (Match: -)
Node: nxp i.mx_6sololite_firmware (Match: -) AND nxp i.mx_6sololite (Match: -)
Node: nxp i.mx_6solo_firmware (Match: -) AND nxp i.mx_6solo (Match: -)
Node: nxp i.mx_6duallite_firmware (Match: -) AND nxp i.mx_6duallite (Match: -)
Node: nxp i.mx_6solox_firmware (Match: -) AND nxp i.mx_6solox (Match: -)
Node: nxp i.mx_6dual_firmware (Match: -) AND nxp i.mx_6dual (Match: -)
Node: nxp i.mx_6quad_firmware (Match: -) AND nxp i.mx_6quad (Match: -)
Node: nxp i.mx_6quadplus_firmware (Match: -) AND nxp i.mx_6quadplus (Match: -)
Node: nxp i.mx_6dualplus_firmware (Match: -) AND nxp i.mx_6dualplus (Match: -)
Node: nxp i.mx_28_firmware (Match: -) AND nxp i.mx_28 (Match: -)
Node: nxp i.mx_7dual_firmware (Match: -) AND nxp i.mx_7dual (Match: -)
Node: nxp i.mx_7solo_firmware (Match: -) AND nxp i.mx_7solo (Match: -)

CNA Affected

[
  {
    "product": "NXP i.MX Product Family",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "NXP i.MX Product Family"
      }
    ]
  }
]
