CVE-2021-3011

Exploit

EPSS 0.06%
Veröffentlicht 07.01.2021 16:15:12
Zuletzt bearbeitet 21.11.2024 06:20:44
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. It allows attackers to extract the ECDSA private key after extensive physical access (and consequently produce a clone). This was demonstrated on the Google Titan Security Key, based on an NXP A7005a chip. Other FIDO U2F security keys are also impacted (Yubico YubiKey Neo and Feitian K9, K13, K21, and K40) as well as several NXP JavaCard smartcards (J3A081, J2A081, J3A041, J3D145_M59, J2D145_M59, J3D120_M60, J3D082_M60, J2D120_M60, J2D082_M60, J3D081_M59, J2D081_M59, J3D081_M61, J2D081_M61, J3D081_M59_DF, J3D081_M61_DF, J3E081_M64, J3E081_M66, J2E081_M64, J3E041_M66, J3E016_M66, J3E016_M64, J3E041_M64, J3E145_M64, J3E120_M65, J3E082_M65, J2E145_M64, J2E120_M65, J2E082_M65, J3E081_M64_DF, J3E081_M66_DF, J3E041_M66_DF, J3E016_M66_DF, J3E041_M64_DF, and J3E016_M64_DF).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Ftsafe ≫ K13 Version-

Ftsafe ≫ K21 Version-

Ftsafe ≫ K40 Version-

Ftsafe ≫ K9 Version-

Google ≫ Titan Security Key Version-

Nxp ≫ 3a081 Version-

Nxp ≫ A7005a Version-

Nxp ≫ J2a081 Version-

Nxp ≫ J2d081 M59 Version-

Nxp ≫ J2d081 M61 Version-

Nxp ≫ J2d082 M60 Version-

Nxp ≫ J2d120 M60 Version-

Nxp ≫ J2d145 M59 Version-

Nxp ≫ J2e081 M64 Version-

Nxp ≫ J2e082 M65 Version-

Nxp ≫ J2e120 M65 Version-

Nxp ≫ J2e145 M64 Version-

Nxp ≫ J3a041 Version-

Nxp ≫ J3d081 M59 Version-

Nxp ≫ J3d081 M59 Df Version-

Nxp ≫ J3d081 M61 Version-

Nxp ≫ J3d081 M61 Df Version-

Nxp ≫ J3d082 M60 Version-

Nxp ≫ J3d120 M60 Version-

Nxp ≫ J3d145 M59 Version-

Nxp ≫ J3e016 M64 Version-

Nxp ≫ J3e016 M64 Df Version-

Nxp ≫ J3e016 M66 Version-

Nxp ≫ J3e016 M66 Df Version-

Nxp ≫ J3e041 M64 Version-

Nxp ≫ J3e041 M64 Df Version-

Nxp ≫ J3e041 M66 Version-

Nxp ≫ J3e041 M66 Df Version-

Nxp ≫ J3e081 M64 Version-

Nxp ≫ J3e081 M64 Df Version-

Nxp ≫ J3e081 M66 Version-

Nxp ≫ J3e081 M66 Df Version-

Nxp ≫ J3e082 M65 Version-

Nxp ≫ J3e120 M65 Version-

Nxp ≫ J3e145 M64 Version-

Nxp ≫ P5010 Version-

Nxp ≫ P5020 Version-

Nxp ≫ P5021 Version-

Nxp ≫ P5040 Version-

Yubico ≫ Yubikey Neo Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.144

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.2	0.5	3.6	CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	1.9	3.4	2.9	AV:L/AC:M/Au:N/C:P/I:N/A:N

CWE-670 Always-Incorrect Control Flow Implementation

The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.

https://ninjalab.io/a-side-journey-to-titan/

Third Party Advisory

https://ninjalab.io/wp-content/uploads/2021/01/a_side_journey_to_titan.pdf

Third Party Advisory

Exploit

Technical Description

https://nvd.nist.gov/vuln/detail/CVE-2021-3011

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-3011

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-3011

EUVD