CVE-2017-7932
Severity Score
6.0
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
An improper certificate validation issue was discovered in NXP i.MX 28 i.MX 50, i.MX 53, i.MX 7Solo i.MX 7Dual Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, and i.MX 6QuadPlus. When the device is configured in security enabled configuration, under certain conditions it is possible to bypass the signature verification by using a specially crafted certificate leading to the execution of an unsigned image.
Se ha descubierto un problema de validación incorrecta de certificados en NXP i.MX 28 i.MX 50, i.MX 53, i.MX 7Solo i.MX 7Dual Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, y i.MX 6QuadPlus. Cuando el dispositivo está configurado con opciones de seguridad habilitadas, bajo algunas condiciones es posible eludir la verificación de firma utilizando un certificado especialmente manipulado que lleva a la ejecución de una imagen sin firmar.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2017-04-18 CVE Reserved
- 2017-08-07 CVE Published
- 2024-03-10 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-295: Improper Certificate Validation
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/99966 | Third Party Advisory | |
| https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Nxp Search vendor "Nxp" | Vybrid Mvf30nn151cku26 Firmware Search vendor "Nxp" for product "Vybrid Mvf30nn151cku26 Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | Vybrid Mvf30nn151cku26 Search vendor "Nxp" for product "Vybrid Mvf30nn151cku26" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | Vybrid Mvf30ns151cku26 Firmware Search vendor "Nxp" for product "Vybrid Mvf30ns151cku26 Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | Vybrid Mvf30ns151cku26 Search vendor "Nxp" for product "Vybrid Mvf30ns151cku26" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | Vybrid Mvf50nn151cmk40 Firmware Search vendor "Nxp" for product "Vybrid Mvf50nn151cmk40 Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | Vybrid Mvf50nn151cmk40 Search vendor "Nxp" for product "Vybrid Mvf50nn151cmk40" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | Vybrid Mvf50nn151cmk50 Firmware Search vendor "Nxp" for product "Vybrid Mvf50nn151cmk50 Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | Vybrid Mvf50nn151cmk50 Search vendor "Nxp" for product "Vybrid Mvf50nn151cmk50" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | Vybrid Mvf50ns151cmk40 Firmware Search vendor "Nxp" for product "Vybrid Mvf50ns151cmk40 Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | Vybrid Mvf50ns151cmk40 Search vendor "Nxp" for product "Vybrid Mvf50ns151cmk40" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | Vybrid Mvf50ns151cmk50 Firmware Search vendor "Nxp" for product "Vybrid Mvf50ns151cmk50 Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | Vybrid Mvf50ns151cmk50 Search vendor "Nxp" for product "Vybrid Mvf50ns151cmk50" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | Vybrid Mvf51nn151cmk50 Firmware Search vendor "Nxp" for product "Vybrid Mvf51nn151cmk50 Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | Vybrid Mvf51nn151cmk50 Search vendor "Nxp" for product "Vybrid Mvf51nn151cmk50" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | Vybrid Mvf51ns151cmk50 Firmware Search vendor "Nxp" for product "Vybrid Mvf51ns151cmk50 Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | Vybrid Mvf51ns151cmk50 Search vendor "Nxp" for product "Vybrid Mvf51ns151cmk50" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | Vybrid Mvf60nn151cmk40 Firmware Search vendor "Nxp" for product "Vybrid Mvf60nn151cmk40 Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | Vybrid Mvf60nn151cmk40 Search vendor "Nxp" for product "Vybrid Mvf60nn151cmk40" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | Vybrid Mvf60ns151cmk40 Firmware Search vendor "Nxp" for product "Vybrid Mvf60ns151cmk40 Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | Vybrid Mvf60ns151cmk40 Search vendor "Nxp" for product "Vybrid Mvf60ns151cmk40" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | Vybrid Mvf60nn151cmk50 Firmware Search vendor "Nxp" for product "Vybrid Mvf60nn151cmk50 Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | Vybrid Mvf60nn151cmk50 Search vendor "Nxp" for product "Vybrid Mvf60nn151cmk50" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | Vybrid Mvf60ns151cmk50 Firmware Search vendor "Nxp" for product "Vybrid Mvf60ns151cmk50 Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | Vybrid Mvf60ns151cmk50 Search vendor "Nxp" for product "Vybrid Mvf60ns151cmk50" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | Vybrid Mvf61nn151cmk50 Firmware Search vendor "Nxp" for product "Vybrid Mvf61nn151cmk50 Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | Vybrid Mvf61nn151cmk50 Search vendor "Nxp" for product "Vybrid Mvf61nn151cmk50" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | Vybrid Mvf61ns151cmk50 Firmware Search vendor "Nxp" for product "Vybrid Mvf61ns151cmk50 Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | Vybrid Mvf61ns151cmk50 Search vendor "Nxp" for product "Vybrid Mvf61ns151cmk50" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | Vybrid Mvf62nn151cmk40 Firmware Search vendor "Nxp" for product "Vybrid Mvf62nn151cmk40 Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | Vybrid Mvf62nn151cmk40 Search vendor "Nxp" for product "Vybrid Mvf62nn151cmk40" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | I.mx 50 Firmware Search vendor "Nxp" for product "I.mx 50 Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx 50 Search vendor "Nxp" for product "I.mx 50" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | I.mx 53 Firmware Search vendor "Nxp" for product "I.mx 53 Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx 53 Search vendor "Nxp" for product "I.mx 53" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | I.mx 6ull Firmware Search vendor "Nxp" for product "I.mx 6ull Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx 6ull Search vendor "Nxp" for product "I.mx 6ull" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | I.mx 6ultralite Firmware Search vendor "Nxp" for product "I.mx 6ultralite Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx 6ultralite Search vendor "Nxp" for product "I.mx 6ultralite" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | I.mx 6sololite Firmware Search vendor "Nxp" for product "I.mx 6sololite Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx 6sololite Search vendor "Nxp" for product "I.mx 6sololite" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | I.mx 6solo Firmware Search vendor "Nxp" for product "I.mx 6solo Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx 6solo Search vendor "Nxp" for product "I.mx 6solo" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | I.mx 6duallite Firmware Search vendor "Nxp" for product "I.mx 6duallite Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx 6duallite Search vendor "Nxp" for product "I.mx 6duallite" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | I.mx 6solox Firmware Search vendor "Nxp" for product "I.mx 6solox Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx 6solox Search vendor "Nxp" for product "I.mx 6solox" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | I.mx 6dual Firmware Search vendor "Nxp" for product "I.mx 6dual Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx 6dual Search vendor "Nxp" for product "I.mx 6dual" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | I.mx 6quad Firmware Search vendor "Nxp" for product "I.mx 6quad Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx 6quad Search vendor "Nxp" for product "I.mx 6quad" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | I.mx 6quadplus Firmware Search vendor "Nxp" for product "I.mx 6quadplus Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx 6quadplus Search vendor "Nxp" for product "I.mx 6quadplus" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | I.mx 6dualplus Firmware Search vendor "Nxp" for product "I.mx 6dualplus Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx 6dualplus Search vendor "Nxp" for product "I.mx 6dualplus" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | I.mx 28 Firmware Search vendor "Nxp" for product "I.mx 28 Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx 28 Search vendor "Nxp" for product "I.mx 28" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | I.mx 7dual Firmware Search vendor "Nxp" for product "I.mx 7dual Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx 7dual Search vendor "Nxp" for product "I.mx 7dual" | - | - |
Safe
|
| Nxp Search vendor "Nxp" | I.mx 7solo Firmware Search vendor "Nxp" for product "I.mx 7solo Firmware" | - | - |
Affected
| in | Nxp Search vendor "Nxp" | I.mx 7solo Search vendor "Nxp" for product "I.mx 7solo" | - | - |
Safe
|