Sql injection

2016-08-0214:59:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.8%

JSON

The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a “KeyJack injection attack.”

CPENameOperatorVersion
km714_firmwarele012.005.00028
unifying_firmwarele012.005.00028
unifying_firmwarele024.003.00027

Name	Operator	Version
km714_firmware	le	012.005.00028
unifying_firmware	le	012.005.00028
unifying_firmware	le	024.003.00027

References

www.securityfocus.com/bid/92179

github.com/BastilleResearch/keyjack/blob/master/doc/advisories/bastille-13.lenovo-ultraslim.public.txt

support.lenovo.com/product_security/len_7267

www.bastille.net/research/vulnerabilities/keyjack