CVE-2017-16242

EPSS 0.52%
Veröffentlicht 22.03.2018 15:29:00
Zuletzt bearbeitet 21.11.2024 03:16:06
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered on MECO USB Memory Stick with Fingerprint MECOZiolsamDE601 devices. The fingerprint authentication requirement for data access can be bypassed. An attacker with physical access can send a static packet to a serial port exposed on the PCB to unlock the key and get access to the data without possessing the required fingerprint.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Meco ≫ Usb Memory Stick With Fingerprint Firwmare Version-

Meco ≫ Usb Memory Stick With Fingerprint Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.52%	0.398

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	0.9	5.9	CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://gist.github.com/audebert/ef6e206a27ededd1386cff48604e9335

Third Party Advisory

https://www.blackhat.com/docs/us-17/thursday/us-17-Picod-Attacking-Encrypted-USB-Keys-The-Hard%28ware%29-Way.pdf

https://www.blackhat.com/us-17/briefings/schedule/index.html#attacking-encrypted-usb-keys-the-hardware-way-7443

Third Party Advisory

https://www.elie.net/talk/attacking-encrypted-usb-keys-the-hardware-way

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-16242

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-16242

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-16242

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2017-16242