Lucene search

[email protected]CVE-2024-38532

HistoryJun 28, 2024 - 10:15 p.m.

CVE-2024-38532

2024-06-2822:15:03

CWE-321

[email protected]

web.nvd.nist.gov

nxp socs

aes cryptographic engine

encryption/decryption

dcp_tool

test key

repository

commit 26a7

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

The NXP Data Co-Processor (DCP) is a built-in hardware module for specific NXP SoCs¹ that implements a dedicated AES cryptographic engine for encryption/decryption operations. The dcp_tool reference implementation included in the repository selected the test key, regardless of its -t argument. This issue has been patched in commit 26a7.

Affected configurations

Vulners

Node

usbarmorymxs_dcpRange6151–26a7

CNA Affected

[
  {
    "vendor": "usbarmory",
    "product": "mxs-dcp",
    "versions": [
      {
        "version": ">= commit 6151, < commit 26a7",
        "status": "affected"
      }
    ]
  }
]

References

github.com/usbarmory/mxs-dcp/commit/e5a99cb3d9429e6145495da7d01525c75af426a7

github.com/usbarmory/mxs-dcp/security/advisories/GHSA-g85c-rh49-p8cq

7.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2024-38532

cvelist1 nvd1