CVE-2024-45678

Medienbericht

EPSS 0.03%
Veröffentlicht 03.09.2024 20:15:08
Zuletzt bearbeitet 17.03.2025 18:15:18
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack (that requires physical access and expensive equipment) in which an electromagnetic side channel is present because of a non-constant-time modular inversion for the Extended Euclidean Algorithm, aka the EUCLEAK issue. Other uses of an Infineon cryptographic library may also be affected.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Yubico ≫ Yubikey 5c Nfc Firmware Version < 5.7

Yubico ≫ Yubikey 5c Nfc Version-

Yubico ≫ Yubikey 5 Nfc Firmware Version < 5.7

Yubico ≫ Yubikey 5 Nfc Version-

Yubico ≫ Yubikey 5c Firmware Version < 5.7

Yubico ≫ Yubikey 5c Version-

Yubico ≫ Yubikey 5 Nano Firmware Version < 5.7

Yubico ≫ Yubikey 5 Nano Version-

Yubico ≫ Yubikey 5c Nano Firmware Version < 5.7

Yubico ≫ Yubikey 5c Nano Version-

Yubico ≫ Yubikey 5ci Firmware Version < 5.7

Yubico ≫ Yubikey 5ci Version-

Yubico ≫ Yubikey 5 Nfc Fips Firmware Version < 5.7

Yubico ≫ Yubikey 5 Nfc Fips Version-

Yubico ≫ Yubikey 5c Nfc Fips Firmware Version < 5.7

Yubico ≫ Yubikey 5c Nfc Fips Version-

Yubico ≫ Yubikey 5c Fips Firmware Version < 5.7

Yubico ≫ Yubikey 5c Fips Version-

Yubico ≫ Yubikey 5 Nano Fips Firmware Version < 5.7

Yubico ≫ Yubikey 5 Nano Fips Version-

Yubico ≫ Yubikey 5c Nano Fips Firmware Version < 5.7

Yubico ≫ Yubikey 5c Nano Fips Version-

Yubico ≫ Yubikey 5ci Fips Firmware Version < 5.7

Yubico ≫ Yubikey 5ci Fips Version-

Yubico ≫ Yubikey C Bio Firmware SwEditionfido Version < 5.7.2

Yubico ≫ Yubikey C Bio Version- SwEditionfido

Yubico ≫ Yubikey Bio Firmware SwEditionfido Version < 5.7.2

Yubico ≫ Yubikey Bio Version- SwEditionfido

Yubico ≫ Security Key Nfc By Yubico Firmware Version < 5.7

Yubico ≫ Security Key Nfc By Yubico Version-

Yubico ≫ Security Key C Nfc By Yubico Firmware Version < 5.7

Yubico ≫ Security Key C Nfc By Yubico Version-

Yubico ≫ Yubihsm 2 Fips Firmware Version < 2.4.0

Yubico ≫ Yubihsm 2 Fips Version2.2

Yubico ≫ Yubihsm 2 Firmware Version < 2.4.0

Yubico ≫ Yubihsm 2 Version2.3.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.077

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.2	0.5	3.6	CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	4.2	0.5	3.6	CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-203 Observable Discrepancy

The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.

https://arstechnica.com/security/2024/09/yubikeys-are-vulnerable-to-cloning-attacks-thanks-to-newly-discovered-side-channel/

Press/Media Coverage

https://news.ycombinator.com/item?id=41434500

Issue Tracking

https://ninjalab.io/eucleak/

Third Party Advisory

https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf

Technical Description

https://support.yubico.com/hc/en-us/articles/15705749884444

Third Party Advisory

Mitigation

https://www.yubico.com/support/security-advisories/ysa-2024-03/