CVE-2017-15361

Summary

CVE	CVE-2017-15361
State	PUBLISHED
Assigner	mitre
Source Priority	CVE Program / NVD first with legacy fallback
Published	2017-10-16 17:29:00 UTC
Updated	2025-04-20 01:37:25 UTC
Description	The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.

Risk And Classification

Primary CVSS: v3.0 5.9 MEDIUM from [email protected]

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Problem Types: NVD-CWE-noinfo | n/a

Version	Source	Type	Score	Severity	Vector
3.0	[email protected]	Primary	5.9	MEDIUM	`CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N`
2.0	[email protected]	Primary	4.3		`AV:N/AC:M/Au:N/C:P/I:N/A:N`

CVSS v3.0 Breakdown

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2.0 Breakdown

Access Vector

Network

Access Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

AV:N/AC:M/Au:N/C:P/I:N/A:N

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Acer	C720 Chromebook	-	All	All	All
Hardware	Acer	Chromebase	-	All	All	All
Hardware	Acer	Chromebase 24	-	All	All	All
Hardware	Acer	Chromebook 11 C730	-	All	All	All
Hardware	Acer	Chromebook 11 C730e	-	All	All	All
Hardware	Acer	Chromebook 11 C735	-	All	All	All
Hardware	Acer	Chromebook 11 C740	-	All	All	All
Hardware	Acer	Chromebook 11 C771	-	All	All	All
Hardware	Acer	Chromebook 11 C771t	-	All	All	All
Hardware	Acer	Chromebook 11 N7 C731	-	All	All	All
Hardware	Acer	Chromebook 13 Cb5-311	-	All	All	All
Hardware	Acer	Chromebook 14 Cb3-431	-	All	All	All
Hardware	Acer	Chromebook 14 For Work Cp5-471	-	All	All	All
Hardware	Acer	Chromebook 15 Cb3-531	-	All	All	All
Hardware	Acer	Chromebook 15 Cb3-532	-	All	All	All
Hardware	Acer	Chromebook 15 Cb5-571	-	All	All	All
Hardware	Acer	Chromebook R11	-	All	All	All
Hardware	Acer	Chromebook R13 Cb5-312t	-	All	All	All
Hardware	Acer	Chromebox	-	All	All	All
Hardware	Acer	Chromebox Cxi2	-	All	All	All
Hardware	Aopen	Chromebase	-	All	commercial	All
Hardware	Aopen	Chromebase	-	All	mini	All
Hardware	Aopen	Chromebox	-	All	commercial	All
Hardware	Aopen	Chromeboxi	-	All	mini	All
Hardware	Asi	Chromebook	-	All	All	All
Hardware	Asus	Chromebit Cs10	-	All	All	All
Hardware	Asus	Chromebook C200	-	All	All	All
Hardware	Asus	Chromebook C201pa	-	All	All	All
Hardware	Asus	Chromebook C202sa	-	All	All	All
Hardware	Asus	Chromebook C300	-	All	All	All
Hardware	Asus	Chromebook C300sa	-	All	All	All
Hardware	Asus	Chromebook C301sa	-	All	All	All
Hardware	Asus	Chromebook Flip C100pa	-	All	All	All
Hardware	Asus	Chromebook Flip C302	-	All	All	All
Hardware	Asus	Chromebox Cn60	-	All	All	All
Hardware	Asus	Chromebox Cn62	-	All	All	All
Hardware	Bobicus	Chromebook 11	All	All	All	All
Hardware	Ctl	J2 Chromebook	-	All	All	All
Hardware	Ctl	J4 Chromebook	-	All	All	All
Hardware	Ctl	J5 Chromebook	-	All	All	All
Hardware	Ctl	N6 Chromebook	-	All	All	All
Hardware	Ctl	Nl61 Chromebook	-	All	All	All
Hardware	Dell	Chromebook 11	-	All	All	All
Hardware	Dell	Chromebook 11 3120	-	All	All	All
Hardware	Dell	Chromebook 11 3189	-	All	All	All
Hardware	Dell	Chromebook 11 Model 3180	-	All	All	All
Hardware	Dell	Chromebook 13 3380	-	All	All	All
Hardware	Dell	Chromebox	-	All	All	All
Hardware	Edugear	Chromebook K	-	All	All	All
Hardware	Edugear	Chromebook M	-	All	All	All
Hardware	Edugear	Chromebook R	-	All	All	All
Hardware	Edugear	Cmt Chromebook	-	All	All	All
Hardware	Edxis	Chromebook	-	All	All	All
Hardware	Edxis	Education Chromebook	-	All	All	All
Hardware	Epik	Chromebook Elb1101	-	All	All	All
Hardware	Google	Pixel	-	All	All	All
Hardware	Haier	Chromebook 11	-	All	All	All
Hardware	Haier	Chromebook 11e	-	All	All	All
Hardware	Haier	Chromebook 11 C	-	All	All	All
Hardware	Haier	Chromebook 11 G2	-	All	All	All
Hardware	Hexa	Chromebook Pi	-	All	All	All
Hardware	Hisense	Chromebook 11	-	All	All	All
Hardware	Hp	Chromebook	-	All	All	All
Hardware	Hp	Chromebook 11-vxxx	-	All	All	All
Hardware	Hp	Chromebook 11 1100-1199	-	All	All	All
Hardware	Hp	Chromebook 11 2000-2099	-	All	All	All
Hardware	Hp	Chromebook 11 2100-2199	-	All	All	All
Hardware	Hp	Chromebook 11 2200-2299	-	All	All	All
Hardware	Hp	Chromebook 11 G1	-	All	All	All
Hardware	Hp	Chromebook 11 G2	-	All	All	All
Hardware	Hp	Chromebook 11 G3	-	All	All	All
Hardware	Hp	Chromebook 11 G4/g4 Ee	-	All	All	All
Hardware	Hp	Chromebook 11 G5	-	All	All	All
Hardware	Hp	Chromebook 11 G5 Ee	-	All	All	All
Hardware	Hp	Chromebook 13 G1	-	All	All	All
Hardware	Hp	Chromebook 14	-	All	All	All
Hardware	Hp	Chromebook 14 Ak000-099	-	All	All	All
Hardware	Hp	Chromebook 14 G3	-	All	All	All
Hardware	Hp	Chromebook 14 G4	-	All	All	All
Hardware	Hp	Chromebook 14 X000-x999	-	All	All	All
Hardware	Hp	Chromebox Cb1-000-099	-	All	All	All
Hardware	Hp	Chromebox G1	-	All	All	All
Application	Infineon	Rsa Library	All	All	All	All
Operating System	Infineon	Trusted Platform Firmware	133.32	All	All	All
Operating System	Infineon	Trusted Platform Firmware	4.31	All	All	All
Operating System	Infineon	Trusted Platform Firmware	4.32	All	All	All
Operating System	Infineon	Trusted Platform Firmware	6.40	All	All	All
Hardware	Lenovo	100s Chromebook	-	All	All	All
Hardware	Lenovo	N20 Chromebook	-	All	All	All
Hardware	Lenovo	N21 Chromebook	-	All	All	All
Hardware	Lenovo	N22 Chromebook	-	All	All	All
Hardware	Lenovo	N23 Chromebook	-	All	All	All
Hardware	Lenovo	N23 Flex 11 Chromebook	-	All	All	All
Hardware	Lenovo	N23 Yoga 11 Chromebook	-	All	All	All
Hardware	Lenovo	N42 Chromebook	-	All	All	All
Hardware	Lenovo	Thinkcentre Chromebox	-	All	All	All
Hardware	Lenovo	Thinkpad 11e Chromebook	-	All	All	All
Hardware	Lenovo	Thinkpad 13 Chromebook	-	All	All	All
Hardware	Lg	Chromebase 22cb25s	-	All	All	All
Hardware	Lg	Chromebase 22cv241	-	All	All	All
Hardware	Medion	Akoya S2013	-	All	All	All
Hardware	Medion	Chromebook S2015	-	All	All	All
Hardware	Mercer	Chromebook	-	All	All	All
Hardware	Mercer	V2 Chromebook	-	All	All	All
Hardware	Ncomputing	Chromebook Cx100	-	All	All	All
Hardware	Nexian	Chromebook	-	All	All	All
Hardware	Pcmerge	Chromebook Pcm-116t-432b	-	All	All	All
Hardware	Poin2	Chromebook 11	-	All	All	All
Hardware	Poin2	Chromebook 14	-	All	All	All
Hardware	Positivo	Chromebook Ch1190	-	All	All	All
Hardware	Prowise	Entry Line Chromebook	-	All	All	All
Hardware	Prowise	Proline Chromebook	-	All	All	All
Hardware	Rgs	Education Chromebook	-	All	All	All
Hardware	Samsung	Chromebook 2 11	-	All	All	All
Hardware	Samsung	Chromebook 2 11 Xe500c12	-	All	All	All
Hardware	Samsung	Chromebook 2 13	-	All	All	All
Hardware	Samsung	Chromebook 3	-	All	All	All
Hardware	Samsung	Chromebook Plus	-	All	All	All
Hardware	Samsung	Chromebook Pro	-	All	All	All
Hardware	Sector-five	E1 Rugged Chromebook	-	All	All	All
Hardware	Senkatel	C1101 Chromebook	-	All	All	All
Hardware	Toshiba	Chromebook	-	All	All	All
Hardware	Toshiba	Chromebook 2	-	All	All	All
Hardware	Toshiba	Chromebook 2	-	All	2015	All
Hardware	True	Idc Chromebook	-	All	All	All
Hardware	True	Idc Chromebook 11	-	All	All	All
Hardware	Videonet	Chromebook	-	All	All	All
Hardware	Videonet	Chromebook Bl10	-	All	All	All
Hardware	Viglen	Chromebook 11	-	All	All	All
Hardware	Viglen	Chromebook 360	-	All	All	All
Hardware	Xolo	Chromebook	-	All	All	All

Vendor Declared Affected Products

Source	Vendor	Product	Version	Platforms
CNA	Na	N/a	affected n/a	Not specified

References

Reference	Source	Link	Tags
cert-portal.siemens.com/productcert/pdf/ssa-470231.pdf	af854a3a-2127-422b-91ae-364da2661108	cert-portal.siemens.com
ROCA vulnerability impact on Gemalto IDPrime .NET smart cards – Magic of Security	af854a3a-2127-422b-91ae-364da2661108	dan.enigmabridge.com	Issue Tracking, Third Party Advisory
Millions of high-security crypto keys crippled by newly discovered flaw \| Ars Technica	af854a3a-2127-422b-91ae-364da2661108	arstechnica.com	Issue Tracking, Third Party Advisory
Vulnerability Note VU#307015 - Infineon RSA library does not properly generate RSA key pairs	af854a3a-2127-422b-91ae-364da2661108	www.kb.cert.org	Issue Tracking, Mitigation, Third Party Advisory, US Government Resource
Infineon RSA Library CVE-2017-15361 Cryptographic Security Bypass Vulnerability	af854a3a-2127-422b-91ae-364da2661108	www.securityfocus.com	Third Party Advisory, VDB Entry
GitHub - crocs-muni/roca: ROCA: Infineon RSA key vulnerability	af854a3a-2127-422b-91ae-364da2661108	github.com	Mitigation, Third Party Advisory
Trusted Platform Module firmware vulnerability: technical documentation - The Chromium Projects	af854a3a-2127-422b-91ae-364da2661108	sites.google.com	Issue Tracking, Mitigation, Patch, Third Party Advisory
TrustMonitor ROCA Vulnerability Test	af854a3a-2127-422b-91ae-364da2661108	monitor.certipath.com	Mitigation, Third Party Advisory
Security Advisory 2017-10-16 \| Yubico	af854a3a-2127-422b-91ae-364da2661108	www.yubico.com	Mitigation, Third Party Advisory
CVE-2017-15361 Infineon RSA Library Vulnerability in NetApp Products \| NetApp Product Security	af854a3a-2127-422b-91ae-364da2661108	security.netapp.com
RSA Keys Generated by Infineon TPMs are Insecure	af854a3a-2127-422b-91ae-364da2661108	support.lenovo.com	Mitigation, Third Party Advisory
ICS-CERT Advisories \| ICS-CERT	af854a3a-2127-422b-91ae-364da2661108	ics-cert.us-cert.gov
GitHub - nsacyber/Detect-CVE-2017-15361-TPM: Detects Windows and Linux systems with enabled Trusted Platform Modules (TPM) vulnerable to CVE-2017-15361. #nsacyber	af854a3a-2127-422b-91ae-364da2661108	github.com	Mitigation, Third Party Advisory
INTEL-SA-00104	af854a3a-2127-422b-91ae-364da2661108	www.intel.com
cr.yp.to: 2017.11.05: Reconstructing ROCA	af854a3a-2127-422b-91ae-364da2661108	blog.cr.yp.to
Document Display \| HPE Support Center	af854a3a-2127-422b-91ae-364da2661108	support.hpe.com
ROCA: Vulnerable RSA generation (CVE-2017-15361) [CRoCS wiki]	af854a3a-2127-422b-91ae-364da2661108	crocs.fi.muni.cz	Issue Tracking, Mitigation, Third Party Advisory
Document Display \| HPE Support Center	af854a3a-2127-422b-91ae-364da2661108	support.hpe.com
INTEL-SA-00148	af854a3a-2127-422b-91ae-364da2661108	www.intel.com
portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012	af854a3a-2127-422b-91ae-364da2661108	portal.msrc.microsoft.com	Issue Tracking, Patch, Third Party Advisory
TPM update - Infineon Technologies	af854a3a-2127-422b-91ae-364da2661108	www.infineon.com	Mitigation, Vendor Advisory
KeyChest - Profile	af854a3a-2127-422b-91ae-364da2661108	keychest.net	Issue Tracking, Mitigation, Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.