5.9
MEDIUM
CVE-2017-15361
Infineon TPM RSA Key Generation Vulnerability (ROCA)
Description

The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.

INFO

Published Date :

Oct. 16, 2017, 5:29 p.m.

Last Modified :

Nov. 21, 2024, 3:14 a.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

3.6

Exploitability Score :

2.2
Public PoC/Exploit Available at Github

CVE-2017-15361 has a 18 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2017-15361 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Acer c720_chromebook
2 Acer chromebase
3 Acer chromebase_24
4 Acer chromebook_11_c730
5 Acer chromebook_11_c730e
6 Acer chromebook_11_c735
7 Acer chromebook_11_c740
8 Acer chromebook_11_c771
9 Acer chromebook_11_c771t
10 Acer chromebook_11_n7_c731
11 Acer chromebook_13_cb5-311
12 Acer chromebook_14_cb3-431
13 Acer chromebook_14_for_work_cp5-471
14 Acer chromebook_15_cb3-531
15 Acer chromebook_15_cb3-532
16 Acer chromebook_15_cb5-571
17 Acer chromebook_r11
18 Acer chromebook_r13_cb5-312t
19 Acer chromebox
20 Acer chromebox_cxi2
1 Hp chromebook
2 Hp chromebook_11-vxxx
3 Hp chromebook_11_1100-1199
4 Hp chromebook_11_2000-2099
5 Hp chromebook_11_2100-2199
6 Hp chromebook_11_2200-2299
7 Hp chromebook_11_g1
8 Hp chromebook_11_g2
9 Hp chromebook_11_g3
10 Hp chromebook_11_g4\/g4_ee
11 Hp chromebook_11_g5
12 Hp chromebook_11_g5_ee
13 Hp chromebook_13_g1
14 Hp chromebook_14
15 Hp chromebook_14_ak000-099
16 Hp chromebook_14_g3
17 Hp chromebook_14_g4
18 Hp chromebook_14_x000-x999
19 Hp chromebox_cb1-\(000-099\)
20 Hp chromebox_g1
1 Asus chromebit_cs10
2 Asus chromebook_c200
3 Asus chromebook_c201pa
4 Asus chromebook_c202sa
5 Asus chromebook_c300
6 Asus chromebook_c300sa
7 Asus chromebook_c301sa
8 Asus chromebook_flip_c100pa
9 Asus chromebook_flip_c302
10 Asus chromebox_cn60
11 Asus chromebox_cn62
1 Lenovo 100s_chromebook
2 Lenovo n20_chromebook
3 Lenovo n21_chromebook
4 Lenovo n22_chromebook
5 Lenovo n23_chromebook
6 Lenovo n23_flex_11_chromebook
7 Lenovo n23_yoga_11_chromebook
8 Lenovo n42_chromebook
9 Lenovo thinkcentre_chromebox
10 Lenovo thinkpad_11e_chromebook
11 Lenovo thinkpad_13_chromebook
1 Dell chromebook_11
2 Dell chromebook_11_3120
3 Dell chromebook_11_3189
4 Dell chromebook_11_model_3180
5 Dell chromebook_13_3380
6 Dell chromebox
1 Samsung chromebook_2_11
2 Samsung chromebook_2_11_xe500c12
3 Samsung chromebook_2_13
4 Samsung chromebook_3
5 Samsung chromebook_plus
6 Samsung chromebook_pro
1 Ctl j2_chromebook
2 Ctl j4_chromebook
3 Ctl j5_chromebook
4 Ctl n6_chromebook
5 Ctl nl61_chromebook
1 Edugear chromebook_k
2 Edugear chromebook_m
3 Edugear chromebook_r
4 Edugear cmt_chromebook
1 Haier chromebook_11
2 Haier chromebook_11_c
3 Haier chromebook_11_g2
4 Haier chromebook_11e
1 Aopen chromebase
2 Aopen chromebox
3 Aopen chromeboxi
1 Infineon trusted_platform_firmware
2 Infineon rsa_library
1 Edxis chromebook
2 Edxis education_chromebook
1 Lg chromebase_22cb25s
2 Lg chromebase_22cv241
1 Medion akoya_s2013
2 Medion chromebook_s2015
1 Mercer chromebook
2 Mercer v2_chromebook
1 Poin2 chromebook_11
2 Poin2 chromebook_14
1 Prowise entry_line_chromebook
2 Prowise proline_chromebook
1 Toshiba chromebook
2 Toshiba chromebook_2
1 True idc_chromebook
2 True idc_chromebook_11
1 Videonet chromebook
2 Videonet chromebook_bl10
1 Viglen chromebook_11
2 Viglen chromebook_360
1 Google pixel
1 Asi chromebook
1 Bobicus chromebook_11
1 Epik chromebook_elb1101
1 Hexa chromebook_pi
1 Hisense chromebook_11
1 Ncomputing chromebook_cx100
1 Nexian chromebook
1 Pcmerge chromebook_pcm-116t-432b
1 Positivo chromebook_ch1190
1 Rgs education_chromebook
1 Sector-five e1_rugged_chromebook
1 Senkatel c1101_chromebook
1 Xolo chromebook
: Total Affected Vendor : 35 | Products : 126
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2017-15361.

URL Resource
http://support.lenovo.com/us/en/product_security/LEN-15552 Mitigation Third Party Advisory
http://www.securityfocus.com/bid/101484 Third Party Advisory VDB Entry
https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/ Issue Tracking Third Party Advisory
https://blog.cr.yp.to/20171105-infineon.html
https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf
https://crocs.fi.muni.cz/public/papers/rsa_ccs17 Issue Tracking Mitigation Third Party Advisory
https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/ Issue Tracking Third Party Advisory
https://github.com/crocs-muni/roca Mitigation Third Party Advisory
https://github.com/iadgov/Detect-CVE-2017-15361-TPM Mitigation Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01
https://keychest.net/roca Issue Tracking Mitigation Third Party Advisory
https://monitor.certipath.com/rsatest Mitigation Third Party Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012 Issue Tracking Patch Third Party Advisory
https://security.netapp.com/advisory/ntap-20171024-0001/
https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update Issue Tracking Mitigation Patch Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03789en_us
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03801en_us
https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160 Mitigation Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html
https://www.kb.cert.org/vuls/id/307015 Issue Tracking Mitigation Third Party Advisory US Government Resource
https://www.yubico.com/support/security-advisories/ysa-2017-01/ Mitigation Third Party Advisory
http://support.lenovo.com/us/en/product_security/LEN-15552 Mitigation Third Party Advisory
http://www.securityfocus.com/bid/101484 Third Party Advisory VDB Entry
https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/ Issue Tracking Third Party Advisory
https://blog.cr.yp.to/20171105-infineon.html
https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf
https://crocs.fi.muni.cz/public/papers/rsa_ccs17 Issue Tracking Mitigation Third Party Advisory
https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/ Issue Tracking Third Party Advisory
https://github.com/crocs-muni/roca Mitigation Third Party Advisory
https://github.com/iadgov/Detect-CVE-2017-15361-TPM Mitigation Third Party Advisory
https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01
https://keychest.net/roca Issue Tracking Mitigation Third Party Advisory
https://monitor.certipath.com/rsatest Mitigation Third Party Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012 Issue Tracking Patch Third Party Advisory
https://security.netapp.com/advisory/ntap-20171024-0001/
https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update Issue Tracking Mitigation Patch Third Party Advisory
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03789en_us
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03801en_us
https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160 Mitigation Vendor Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html
https://www.kb.cert.org/vuls/id/307015 Issue Tracking Mitigation Third Party Advisory US Government Resource
https://www.yubico.com/support/security-advisories/ysa-2017-01/ Mitigation Third Party Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
wm-team/WMCTF-2023

None

Solidity Python Dockerfile Shell JavaScript Batchfile Go

Updated: 4 months, 2 weeks ago
36 stars 3 fork 3 watcher
Born at : Aug. 21, 2023, 2:43 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
lnick2023/nicenice

None

Updated: 1 year, 10 months ago
0 stars 0 fork 0 watcher
Born at : Jan. 11, 2023, 1:21 p.m. This repo has been linked 1042 different CVEs too.
Profile Photo
giterlizzi/secdb-feeds

SecDB

Updated: 3 months ago
0 stars 0 fork 0 watcher
Born at : July 1, 2022, 8:37 p.m. This repo has been linked 82 different CVEs too.
Profile Photo
google/paranoid_crypto

Paranoid's library contains implementations of checks for well known weaknesses on cryptographic artifacts.

cryptography security

Python C++ Dockerfile

Updated: 3 months ago
784 stars 43 fork 43 watcher
Born at : May 9, 2022, 1:54 p.m. This repo has been linked 4 different CVEs too.
Profile Photo
crocs-muni/scrutiny

An automated toolkit to analyze and detect changes in secure hardware and cryptographic libraries. SCRUTINY provides high-level frameworks to build and later verify profiles against reference and produce detailed HTML reports. For now, SCRUTINY is capable of analyzing JavaCard, TPM, SED, and cryptolibs.

smartcard javacard certification card verify cryptography ecc rsa sed tpm

Python JavaScript CSS

Updated: 2 days, 16 hours ago
4 stars 0 fork 0 watcher
Born at : Feb. 17, 2021, 11:05 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
Elbarbons/ROCA-attack-on-vulnerability-CVE-2017-15361

ROCA attack on vulnerability CVE-2017-15361

python rsa-cryptography vulnerability-detection

Python

Updated: 10 months ago
0 stars 0 fork 0 watcher
Born at : Nov. 2, 2020, 2:12 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
xbl3/awesome-cve-poc_qazbnm456

None

Updated: 3 months, 1 week ago
13 stars 4 fork 4 watcher
Born at : May 25, 2020, 7:51 a.m. This repo has been linked 1027 different CVEs too.
Profile Photo
brunoproduit/roca

Implementation of the ROCA attack

rsa roca infineon rsa-keys python cve-2017-15361

Python Shell Sage

Updated: 3 months, 1 week ago
17 stars 1 fork 1 watcher
Born at : May 15, 2019, 6:07 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
iadgov/we-have-moved

iadgov is now nsacyber. https://github.com/nsacyber

iadgov nsacyber

Updated: 2 years, 1 month ago
4 stars 2 fork 2 watcher
Born at : June 5, 2018, 7:47 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
nuclearcat/cedarkey

$2 hardware SSH keys storage

ssh ssh-key stm32 rsa

C Makefile C++ Shell

Updated: 2 months, 2 weeks ago
154 stars 8 fork 8 watcher
Born at : Nov. 14, 2017, 3:16 p.m. This repo has been linked 2 different CVEs too.
Profile Photo
0xxon/roca

Reimplementation of CVE-2017-15361 checker in C

Makefile C

Updated: 7 years ago
0 stars 0 fork 0 watcher
Born at : Oct. 25, 2017, 3:16 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
0xxon/zeek-plugin-roca

Bro plugin to check if certificates are affected by CVE-2017-15361

CMake Makefile Shell Bro C++ C

Updated: 5 years, 6 months ago
3 stars 2 fork 2 watcher
Born at : Oct. 25, 2017, 1:10 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
nsacyber/Detect-CVE-2017-15361-TPM

Detects Windows and Linux systems with enabled Trusted Platform Modules (TPM) vulnerable to CVE-2017-15361. #nsacyber

tpm trusted-platform-module nessus audit cve vulnerability rsa

PowerShell Shell

Updated: 3 months, 1 week ago
53 stars 27 fork 27 watcher
Born at : Oct. 19, 2017, 8:02 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
jnpuskar/RocaCmTest

Windows tool that analyzes your computer for Infineon TPM weak RSA keys (CVE-2017-15361)

C#

Updated: 1 year, 3 months ago
1 stars 0 fork 0 watcher
Born at : Oct. 19, 2017, 1:42 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
titanous/rocacheck

Go package that checks if RSA keys are vulnerable to ROCA / CVE-2017-15361

Go

Updated: 11 months ago
14 stars 6 fork 6 watcher
Born at : Oct. 17, 2017, 5:08 p.m. This repo has been linked 1 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2017-15361 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2017-15361 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • CVE Modified by [email protected]

    May. 14, 2024

    Action Type Old Value New Value
  • CWE Remap by [email protected]

    Oct. 03, 2019

    Action Type Old Value New Value
    Changed CWE CWE-310 NVD-CWE-noinfo
  • CVE Modified by [email protected]

    Sep. 14, 2018

    Action Type Old Value New Value
    Added Reference https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00148.html [No Types Assigned]
    Added Reference https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00104.html [No Types Assigned]
  • CVE Modified by [email protected]

    May. 11, 2018

    Action Type Old Value New Value
    Added Reference https://cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf [No Types Assigned]
  • CVE Modified by [email protected]

    May. 10, 2018

    Action Type Old Value New Value
    Added Reference https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03801en_us [No Types Assigned]
    Added Reference https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03789en_us [No Types Assigned]
  • CVE Modified by [email protected]

    Mar. 01, 2018

    Action Type Old Value New Value
    Added Reference https://ics-cert.us-cert.gov/advisories/ICSA-18-058-01 [No Types Assigned]
  • CVE Modified by [email protected]

    Dec. 04, 2017

    Action Type Old Value New Value
    Added Reference https://blog.cr.yp.to/20171105-infineon.html [No Types Assigned]
  • CVE Modified by [email protected]

    Nov. 10, 2017

    Action Type Old Value New Value
    Added Reference https://security.netapp.com/advisory/ntap-20171024-0001/ [No Types Assigned]
  • Initial Analysis by [email protected]

    Nov. 08, 2017

    Action Type Old Value New Value
    Added CVSS V2 (AV:N/AC:M/Au:N/C:P/I:N/A:N)
    Added CVSS V3 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
    Changed Reference Type https://monitor.certipath.com/rsatest No Types Assigned https://monitor.certipath.com/rsatest Mitigation, Third Party Advisory
    Changed Reference Type https://www.kb.cert.org/vuls/id/307015 No Types Assigned https://www.kb.cert.org/vuls/id/307015 Issue Tracking, Mitigation, Third Party Advisory, US Government Resource
    Changed Reference Type https://keychest.net/roca No Types Assigned https://keychest.net/roca Issue Tracking, Mitigation, Third Party Advisory
    Changed Reference Type https://www.yubico.com/support/security-advisories/ysa-2017-01/ No Types Assigned https://www.yubico.com/support/security-advisories/ysa-2017-01/ Mitigation, Third Party Advisory
    Changed Reference Type https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/ No Types Assigned https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/ Issue Tracking, Third Party Advisory
    Changed Reference Type https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update No Types Assigned https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update Issue Tracking, Mitigation, Patch, Third Party Advisory
    Changed Reference Type https://crocs.fi.muni.cz/public/papers/rsa_ccs17 No Types Assigned https://crocs.fi.muni.cz/public/papers/rsa_ccs17 Issue Tracking, Mitigation, Third Party Advisory
    Changed Reference Type https://github.com/iadgov/Detect-CVE-2017-15361-TPM No Types Assigned https://github.com/iadgov/Detect-CVE-2017-15361-TPM Mitigation, Third Party Advisory
    Changed Reference Type https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/ No Types Assigned https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/ Issue Tracking, Third Party Advisory
    Changed Reference Type http://www.securityfocus.com/bid/101484 No Types Assigned http://www.securityfocus.com/bid/101484 Third Party Advisory, VDB Entry
    Changed Reference Type https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012 No Types Assigned https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012 Issue Tracking, Patch, Third Party Advisory
    Changed Reference Type https://github.com/crocs-muni/roca No Types Assigned https://github.com/crocs-muni/roca Mitigation, Third Party Advisory
    Changed Reference Type https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160 No Types Assigned https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160 Mitigation, Vendor Advisory
    Changed Reference Type http://support.lenovo.com/us/en/product_security/LEN-15552 No Types Assigned http://support.lenovo.com/us/en/product_security/LEN-15552 Mitigation, Third Party Advisory
    Added CWE CWE-310
    Added CPE Configuration AND OR *cpe:2.3:o:infineon:trusted_platform_firmware:4.31:*:*:*:*:*:*:* *cpe:2.3:o:infineon:trusted_platform_firmware:4.32:*:*:*:*:*:*:* *cpe:2.3:o:infineon:trusted_platform_firmware:6.40:*:*:*:*:*:*:* *cpe:2.3:o:infineon:trusted_platform_firmware:133.32:*:*:*:*:*:*:* OR cpe:2.3:h:acer:c720_chromebook:-:*:*:*:*:*:*:* cpe:2.3:h:acer:chromebase:-:*:*:*:*:*:*:* cpe:2.3:h:acer:chromebase_24:-:*:*:*:*:*:*:* cpe:2.3:h:acer:chromebook_11_c730:-:*:*:*:*:*:*:* cpe:2.3:h:acer:chromebook_11_c730e:-:*:*:*:*:*:*:* cpe:2.3:h:acer:chromebook_11_c735:-:*:*:*:*:*:*:* cpe:2.3:h:acer:chromebook_11_c740:-:*:*:*:*:*:*:* cpe:2.3:h:acer:chromebook_11_c771:-:*:*:*:*:*:*:* cpe:2.3:h:acer:chromebook_11_c771t:-:*:*:*:*:*:*:* cpe:2.3:h:acer:chromebook_11_n7_c731:-:*:*:*:*:*:*:* cpe:2.3:h:acer:chromebook_13_cb5-311:-:*:*:*:*:*:*:* cpe:2.3:h:acer:chromebook_14_cb3-431:-:*:*:*:*:*:*:* cpe:2.3:h:acer:chromebook_14_for_work_cp5-471:-:*:*:*:*:*:*:* cpe:2.3:h:acer:chromebook_15_cb3-531:-:*:*:*:*:*:*:* cpe:2.3:h:acer:chromebook_15_cb3-532:-:*:*:*:*:*:*:* cpe:2.3:h:acer:chromebook_15_cb5-571:-:*:*:*:*:*:*:* cpe:2.3:h:acer:chromebook_r11:-:*:*:*:*:*:*:* cpe:2.3:h:acer:chromebook_r13_cb5-312t:-:*:*:*:*:*:*:* cpe:2.3:h:acer:chromebox:-:*:*:*:*:*:*:* cpe:2.3:h:acer:chromebox_cxi2:-:*:*:*:*:*:*:* cpe:2.3:h:aopen:chromebase:-:*:commercial:*:*:*:*:* cpe:2.3:h:aopen:chromebase:-:*:mini:*:*:*:*:* cpe:2.3:h:aopen:chromebox:-:*:commercial:*:*:*:*:* cpe:2.3:h:aopen:chromeboxi:-:*:mini:*:*:*:*:* cpe:2.3:h:asi:chromebook:-:*:*:*:*:*:*:* cpe:2.3:h:asus:chromebit_cs10:-:*:*:*:*:*:*:* cpe:2.3:h:asus:chromebook_c200:-:*:*:*:*:*:*:* cpe:2.3:h:asus:chromebook_c201pa:-:*:*:*:*:*:*:* cpe:2.3:h:asus:chromebook_c202sa:-:*:*:*:*:*:*:* cpe:2.3:h:asus:chromebook_c300:-:*:*:*:*:*:*:* cpe:2.3:h:asus:chromebook_c300sa:-:*:*:*:*:*:*:* cpe:2.3:h:asus:chromebook_c301sa:-:*:*:*:*:*:*:* cpe:2.3:h:asus:chromebook_flip_c100pa:-:*:*:*:*:*:*:* cpe:2.3:h:asus:chromebook_flip_c302:-:*:*:*:*:*:*:* cpe:2.3:h:asus:chromebox_cn60:-:*:*:*:*:*:*:* cpe:2.3:h:asus:chromebox_cn62:-:*:*:*:*:*:*:* cpe:2.3:h:bobicus:chromebook_11:*:*:*:*:*:*:*:* cpe:2.3:h:ctl:j2_chromebook:-:*:*:*:*:education:*:* cpe:2.3:h:ctl:j4_chromebook:-:*:*:*:*:education:*:* cpe:2.3:h:ctl:j5_chromebook:-:*:*:*:*:*:*:* cpe:2.3:h:ctl:n6_chromebook:-:*:*:*:*:education:*:* cpe:2.3:h:ctl:nl61_chromebook:-:*:*:*:*:*:*:* cpe:2.3:h:dell:chromebook_11:-:*:*:*:*:*:*:* cpe:2.3:h:dell:chromebook_11_3120:-:*:*:*:*:*:*:* cpe:2.3:h:dell:chromebook_11_3189:-:*:*:*:*:*:*:* cpe:2.3:h:dell:chromebook_11_model_3180:-:*:*:*:*:*:*:* cpe:2.3:h:dell:chromebook_13_3380:-:*:*:*:*:*:*:* cpe:2.3:h:dell:chromebox:-:*:*:*:*:*:*:* cpe:2.3:h:edugear:chromebook_k:-:*:*:*:*:*:*:* cpe:2.3:h:edugear:chromebook_m:-:*:*:*:*:*:*:* cpe:2.3:h:edugear:chromebook_r:-:*:*:*:*:*:*:* cpe:2.3:h:edugear:cmt_chromebook:-:*:*:*:*:*:*:* cpe:2.3:h:edxis:chromebook:-:*:*:*:*:*:*:* cpe:2.3:h:edxis:education_chromebook:-:*:*:*:*:*:*:* cpe:2.3:h:epik:chromebook_elb1101:-:*:*:*:*:*:*:* cpe:2.3:h:google:pixel:-:*:*:*:*:*:*:* cpe:2.3:h:haier:chromebook_11:-:*:*:*:*:*:*:* cpe:2.3:h:haier:chromebook_11_c:-:*:*:*:*:*:*:* cpe:2.3:h:haier:chromebook_11_g2:-:*:*:*:*:*:*:* cpe:2.3:h:haier:chromebook_11e:-:*:*:*:*:*:*:* cpe:2.3:h:hexa:chromebook_pi:-:*:*:*:*:*:*:* cpe:2.3:h:hisense:chromebook_11:-:*:*:*:*:*:*:* cpe:2.3:h:hp:chromebook:-:*:*:*:*:meetings:*:* cpe:2.3:h:hp:chromebook_11-vxxx:-:*:*:*:*:*:*:* cpe:2.3:h:hp:chromebook_11_1100-1199:-:*:*:*:*:*:*:* cpe:2.3:h:hp:chromebook_11_2000-2099:-:*:*:*:*:*:*:* cpe:2.3:h:hp:chromebook_11_2100-2199:-:*:*:*:*:*:*:* cpe:2.3:h:hp:chromebook_11_2200-2299:-:*:*:*:*:*:*:* cpe:2.3:h:hp:chromebook_11_g1:-:*:*:*:*:*:*:* cpe:2.3:h:hp:chromebook_11_g2:-:*:*:*:*:*:*:* cpe:2.3:h:hp:chromebook_11_g3:-:*:*:*:*:*:*:* cpe:2.3:h:hp:chromebook_11_g4\/g4_ee:-:*:*:*:*:*:*:* cpe:2.3:h:hp:chromebook_11_g5:-:*:*:*:*:*:*:* cpe:2.3:h:hp:chromebook_11_g5_ee:-:*:*:*:*:*:*:* cpe:2.3:h:hp:chromebook_13_g1:-:*:*:*:*:*:*:* cpe:2.3:h:hp:chromebook_14:-:*:*:*:*:*:*:* cpe:2.3:h:hp:chromebook_14_ak000-099:-:*:*:*:*:*:*:* cpe:2.3:h:hp:chromebook_14_g3:-:*:*:*:*:*:*:* cpe:2.3:h:hp:chromebook_14_g4:-:*:*:*:*:*:*:* cpe:2.3:h:hp:chromebook_14_x000-x999:-:*:*:*:*:*:*:* cpe:2.3:h:hp:chromebox_cb1-\(000-099\):-:*:*:*:*:*:*:* cpe:2.3:h:hp:chromebox_g1:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:100s_chromebook:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:n20_chromebook:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:n21_chromebook:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:n22_chromebook:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:n23_chromebook:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:n23_chromebook:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:n23_flex_11_chromebook:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:n23_yoga_11_chromebook:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:n42_chromebook:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkcentre_chromebox:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_11e_chromebook:-:*:*:*:*:*:*:* cpe:2.3:h:lenovo:thinkpad_13_chromebook:-:*:*:*:*:*:*:* cpe:2.3:h:lg:chromebase_22cb25s:-:*:*:*:*:*:*:* cpe:2.3:h:lg:chromebase_22cv241:-:*:*:*:*:*:*:* cpe:2.3:h:medion:akoya_s2013:-:*:*:*:*:*:*:* cpe:2.3:h:medion:chromebook_s2015:-:*:*:*:*:*:*:* cpe:2.3:h:mercer:chromebook:-:*:*:*:*:*:*:* cpe:2.3:h:mercer:v2_chromebook:-:*:*:*:*:*:*:* cpe:2.3:h:ncomputing:chromebook_cx100:-:*:*:*:*:*:*:* cpe:2.3:h:nexian:chromebook:-:*:*:*:*:*:*:* cpe:2.3:h:pcmerge:chromebook_pcm-116t-432b:-:*:*:*:*:*:*:* cpe:2.3:h:poin2:chromebook_11:-:*:*:*:*:*:*:* cpe:2.3:h:poin2:chromebook_14:-:*:*:*:*:*:*:* cpe:2.3:h:positivo:chromebook_ch1190:-:*:*:*:*:*:*:* cpe:2.3:h:prowise:entry_line_chromebook:-:*:*:*:*:*:*:* cpe:2.3:h:prowise:proline_chromebook:-:*:*:*:*:*:*:* cpe:2.3:h:rgs:education_chromebook:-:*:*:*:*:*:*:* cpe:2.3:h:samsung:chromebook_2_11:-:*:*:*:*:*:*:* cpe:2.3:h:samsung:chromebook_2_11_xe500c12:-:*:*:*:*:*:*:* cpe:2.3:h:samsung:chromebook_2_13:-:*:*:*:*:*:*:* cpe:2.3:h:samsung:chromebook_3:-:*:*:*:*:*:*:* cpe:2.3:h:samsung:chromebook_plus:-:*:*:*:*:*:*:* cpe:2.3:h:samsung:chromebook_pro:-:*:*:*:*:*:*:* cpe:2.3:h:sector-five:e1_rugged_chromebook:-:*:*:*:*:*:*:* cpe:2.3:h:senkatel:c1101_chromebook:-:*:*:*:*:*:*:* cpe:2.3:h:toshiba:chromebook:-:*:*:*:*:*:*:* cpe:2.3:h:toshiba:chromebook_2:-:*:*:*:*:*:*:* cpe:2.3:h:toshiba:chromebook_2:-:*:2015:*:*:*:*:* cpe:2.3:h:true:idc_chromebook:-:*:*:*:*:*:*:* cpe:2.3:h:true:idc_chromebook_11:-:*:*:*:*:*:*:* cpe:2.3:h:videonet:chromebook:-:*:*:*:*:*:*:* cpe:2.3:h:videonet:chromebook_bl10:-:*:*:*:*:*:*:* cpe:2.3:h:viglen:chromebook_11:-:*:*:*:*:*:*:* cpe:2.3:h:viglen:chromebook_360:-:*:*:*:*:*:*:* cpe:2.3:h:xolo:chromebook:-:*:*:*:*:*:*:*
    Added CPE Configuration OR *cpe:2.3:a:infineon:rsa_library:1.02.013:*:*:*:*:*:*:* (and previous)
  • CVE Modified by [email protected]

    Nov. 01, 2017

    Action Type Old Value New Value
    Added Reference https://monitor.certipath.com/rsatest [No Types Assigned]
    Added Reference https://keychest.net/roca [No Types Assigned]
    Added Reference https://github.com/crocs-muni/roca [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 31, 2017

    Action Type Old Value New Value
    Added Reference https://www.kb.cert.org/vuls/id/307015 [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 25, 2017

    Action Type Old Value New Value
    Added Reference https://github.com/iadgov/Detect-CVE-2017-15361-TPM [No Types Assigned]
    Added Reference http://www.securityfocus.com/bid/101484 [No Types Assigned]
  • CVE Modified by [email protected]

    Oct. 23, 2017

    Action Type Old Value New Value
    Changed Description The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 PGP key generation, and the Cached User Data encryption feature in Chrome OS. The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.
    Added Reference https://www.yubico.com/support/security-advisories/ysa-2017-01/ [No Types Assigned]
    Added Reference https://dan.enigmabridge.com/roca-vulnerability-impact-on-gemalto-idprime-net-smart-cards/ [No Types Assigned]
    Added Reference http://support.lenovo.com/us/en/product_security/LEN-15552 [No Types Assigned]
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2017-15361 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2017-15361 weaknesses.

Exploit Prediction

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days.

0.38 }} 0.02%

score

0.73082

percentile

CVSS30 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
: