6

CVE-2017-7932

EPSS 0.03%
Veröffentlicht 07.08.2017 08:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle ics-cert@hq.dhs.gov
Teams Watchlist Login
Unerledigt Login

An improper certificate validation issue was discovered in NXP i.MX 28 i.MX 50, i.MX 53, i.MX 7Solo i.MX 7Dual Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, and i.MX 6QuadPlus. When the device is configured in security enabled configuration, under certain conditions it is possible to bypass the signature verification by using a specially crafted certificate leading to the execution of an unsigned image.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nxp ≫ Vybrid Mvf30nn151cku26 Firmware Version-

Nxp ≫ Vybrid Mvf30nn151cku26 Version-

Nxp ≫ Vybrid Mvf30ns151cku26 Firmware Version-

Nxp ≫ Vybrid Mvf30ns151cku26 Version-

Nxp ≫ Vybrid Mvf50nn151cmk40 Firmware Version-

Nxp ≫ Vybrid Mvf50nn151cmk40 Version-

Nxp ≫ Vybrid Mvf50nn151cmk50 Firmware Version-

Nxp ≫ Vybrid Mvf50nn151cmk50 Version-

Nxp ≫ Vybrid Mvf50ns151cmk40 Firmware Version-

Nxp ≫ Vybrid Mvf50ns151cmk40 Version-

Nxp ≫ Vybrid Mvf50ns151cmk50 Firmware Version-

Nxp ≫ Vybrid Mvf50ns151cmk50 Version-

Nxp ≫ Vybrid Mvf51nn151cmk50 Firmware Version-

Nxp ≫ Vybrid Mvf51nn151cmk50 Version-

Nxp ≫ Vybrid Mvf51ns151cmk50 Firmware Version-

Nxp ≫ Vybrid Mvf51ns151cmk50 Version-

Nxp ≫ Vybrid Mvf60nn151cmk40 Firmware Version-

Nxp ≫ Vybrid Mvf60nn151cmk40 Version-

Nxp ≫ Vybrid Mvf60ns151cmk40 Firmware Version-

Nxp ≫ Vybrid Mvf60ns151cmk40 Version-

Nxp ≫ Vybrid Mvf60nn151cmk50 Firmware Version-

Nxp ≫ Vybrid Mvf60nn151cmk50 Version-

Nxp ≫ Vybrid Mvf60ns151cmk50 Firmware Version-

Nxp ≫ Vybrid Mvf60ns151cmk50 Version-

Nxp ≫ Vybrid Mvf61nn151cmk50 Firmware Version-

Nxp ≫ Vybrid Mvf61nn151cmk50 Version-

Nxp ≫ Vybrid Mvf61ns151cmk50 Firmware Version-

Nxp ≫ Vybrid Mvf61ns151cmk50 Version-

Nxp ≫ Vybrid Mvf62nn151cmk40 Firmware Version-

Nxp ≫ Vybrid Mvf62nn151cmk40 Version-

Nxp ≫ I.Mx 50 Firmware Version-

Nxp ≫ I.Mx 50 Version-

Nxp ≫ I.Mx 53 Firmware Version-

Nxp ≫ I.Mx 53 Version-

Nxp ≫ I.Mx 6ull Firmware Version-

Nxp ≫ I.Mx 6ull Version-

Nxp ≫ I.Mx 6ultralite Firmware Version-

Nxp ≫ I.Mx 6ultralite Version-

Nxp ≫ I.Mx 6sololite Firmware Version-

Nxp ≫ I.Mx 6sololite Version-

Nxp ≫ I.Mx 6solo Firmware Version-

Nxp ≫ I.Mx 6solo Version-

Nxp ≫ I.Mx 6duallite Firmware Version-

Nxp ≫ I.Mx 6duallite Version-

Nxp ≫ I.Mx 6solox Firmware Version-

Nxp ≫ I.Mx 6solox Version-

Nxp ≫ I.Mx 6dual Firmware Version-

Nxp ≫ I.Mx 6dual Version-

Nxp ≫ I.Mx 6quad Firmware Version-

Nxp ≫ I.Mx 6quad Version-

Nxp ≫ I.Mx 6quadplus Firmware Version-

Nxp ≫ I.Mx 6quadplus Version-

Nxp ≫ I.Mx 6dualplus Firmware Version-

Nxp ≫ I.Mx 6dualplus Version-

Nxp ≫ I.Mx 28 Firmware Version-

Nxp ≫ I.Mx 28 Version-

Nxp ≫ I.Mx 7dual Firmware Version-

Nxp ≫ I.Mx 7dual Version-

Nxp ≫ I.Mx 7solo Firmware Version-

Nxp ≫ I.Mx 7solo Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.068

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6	0.5	5.5	CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
nvd@nist.gov	4.4	3.4	6.4	AV:L/AC:M/Au:N/C:P/I:P/A:P

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

http://www.securityfocus.com/bid/99966

Third Party Advisory

VDB Entry

https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02

Third Party Advisory

US Government Resource

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2017-7932

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-7932

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-7932

EUVD