CVE-2017-10606
SRX Series: Cryptographic weakness in SRX300 Series TPM Firmware
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Version 4.40 of the TPM (Trusted Platform Module) firmware on Juniper Networks SRX300 Series has a weakness in generating cryptographic keys that may allow an attacker to decrypt sensitive information in SRX300 Series products. The TPM is used in the SRX300 Series to encrypt sensitive configuration data. While other products also ship with a TPM, no other products or platforms are affected by this vulnerability. Customers can confirm the version of TPM firmware via the 'show security tpm status' command. This issue was discovered by an external security researcher. No other Juniper Networks products or platforms are affected by this issue.
La versión 4.40 de firmware del TPM (Trusted Platform Module) en la serie SRX300 de Juniper Networks tiene una vulnerabilidad a la hora de generar claves criptográficas que podría permitir que un atacante descifre información sensible en los productos de la serie SRX300. El TPM se utiliza en la serie SRX300 para cifrar datos de configuración sensibles. Aunque otros productos también dan servicio con un TPM, no existen otros productos o plataformas que se vean afectados por esta vulnerabilidad. Los clientes pueden confirmar la versión del firmware del TPM mediante el comando "show security tpm status". Un investigador de seguridad externo descubrió este problema. No hay ningún otro producto o plataforma de Juniper Networks que se vea afectado por este problema.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-06-28 CVE Reserved
- 2017-10-13 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Juniper Search vendor "Juniper" | Trusted Platform Module Firmware Search vendor "Juniper" for product "Trusted Platform Module Firmware" | 4.40 Search vendor "Juniper" for product "Trusted Platform Module Firmware" and version "4.40" | - |
Affected
| in | Juniper Search vendor "Juniper" | Srx300 Search vendor "Juniper" for product "Srx300" | - | - |
Safe
|
Juniper Search vendor "Juniper" | Trusted Platform Module Firmware Search vendor "Juniper" for product "Trusted Platform Module Firmware" | 4.40 Search vendor "Juniper" for product "Trusted Platform Module Firmware" and version "4.40" | - |
Affected
| in | Juniper Search vendor "Juniper" | Srx320 Search vendor "Juniper" for product "Srx320" | - | - |
Safe
|
Juniper Search vendor "Juniper" | Trusted Platform Module Firmware Search vendor "Juniper" for product "Trusted Platform Module Firmware" | 4.40 Search vendor "Juniper" for product "Trusted Platform Module Firmware" and version "4.40" | - |
Affected
| in | Juniper Search vendor "Juniper" | Srx340 Search vendor "Juniper" for product "Srx340" | - | - |
Safe
|
Juniper Search vendor "Juniper" | Trusted Platform Module Firmware Search vendor "Juniper" for product "Trusted Platform Module Firmware" | 4.40 Search vendor "Juniper" for product "Trusted Platform Module Firmware" and version "4.40" | - |
Affected
| in | Juniper Search vendor "Juniper" | Srx345 Search vendor "Juniper" for product "Srx345" | - | - |
Safe
|