2.8 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
0.0004 Low
EPSS
Percentile
15.5%
keylime is vulnerable to Improper Signature Validation. The vulnerability exists in the checkquote
function at tpm_util.py
because the quote validation is not properly handed in the case of a malformed signature which could allow an attacker to perform unauthorized actions.