CVE-2017-7932
6.0
Vector
CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
Exploitability: 0.5 / Impact: 5.5
Source: NVD
Description
An improper certificate validation issue was discovered in NXP i.MX 28, i.MX 50, i.MX 53, i.MX 7Solo, i.MX 7Dual, Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, and i.MX 6QuadPlus. When the device is configured in a security-enabled configuration, under certain conditions it is possible to bypass the signature verification by using a specially crafted certificate, leading to the execution of an unsigned image.
Affected (30)
Products: Nxp: Vybrid Mvf30nn151cku26 Firmware, Vybrid Mvf30ns151cku26 Firmware, Vybrid Mvf50nn151cmk40 Firmware, Vybrid Mvf50nn151cmk50 Firmware, Vybrid Mvf50ns151cmk40 Firmware, Vybrid Mvf50ns151cmk50 Firmware, Vybrid Mvf51nn151cmk50 Firmware, Vybrid Mvf51ns151cmk50 Firmware, Vybrid Mvf60nn151cmk40 Firmware, Vybrid Mvf60ns151cmk40 Firmware, Vybrid Mvf60nn151cmk50 Firmware, Vybrid Mvf60ns151cmk50 Firmware, Vybrid Mvf61nn151cmk50 Firmware, Vybrid Mvf61ns151cmk50 Firmware, Vybrid Mvf62nn151cmk40 Firmware, I.mx 50 Firmware, I.mx 53 Firmware, I.mx 6ull Firmware, I.mx 6ultralite Firmware, I.mx 6sololite Firmware, I.mx 6solo Firmware, I.mx 6duallite Firmware, I.mx 6solox Firmware, I.mx 6dual Firmware, I.mx 6quad Firmware, I.mx 6quadplus Firmware, I.mx 6dualplus Firmware, I.mx 28 Firmware, I.mx 7dual Firmware, I.mx 7solo Firmware
| Configuration | Vulnerable Software | Affected Versions | Running on/with | Platform Versions |
|---|---|---|---|---|
| A | | All versions | Nxp Vybrid Mvf30nn151cku26 | All versions |
| B | | All versions | Nxp Vybrid Mvf30ns151cku26 | All versions |
| C | | All versions | Nxp Vybrid Mvf50nn151cmk40 | All versions |
| D | | All versions | Nxp Vybrid Mvf50nn151cmk50 | All versions |
| E | | All versions | Nxp Vybrid Mvf50ns151cmk40 | All versions |
| F | | All versions | Nxp Vybrid Mvf50ns151cmk50 | All versions |
| G | | All versions | Nxp Vybrid Mvf51nn151cmk50 | All versions |
| H | | All versions | Nxp Vybrid Mvf51ns151cmk50 | All versions |
| I | | All versions | Nxp Vybrid Mvf60nn151cmk40 | All versions |
| J | | All versions | Nxp Vybrid Mvf60ns151cmk40 | All versions |
| K | | All versions | Nxp Vybrid Mvf60nn151cmk50 | All versions |
| L | | All versions | Nxp Vybrid Mvf60ns151cmk50 | All versions |
| M | | All versions | Nxp Vybrid Mvf61nn151cmk50 | All versions |
| N | | All versions | Nxp Vybrid Mvf61ns151cmk50 | All versions |
| O | | All versions | Nxp Vybrid Mvf62nn151cmk40 | All versions |
| P | | All versions | Nxp I.mx 50 | All versions |
| Q | | All versions | Nxp I.mx 53 | All versions |
| R | | All versions | Nxp I.mx 6ull | All versions |
| S | | All versions | Nxp I.mx 6ultralite | All versions |
| T | | All versions | Nxp I.mx 6sololite | All versions |
| U | | All versions | Nxp I.mx 6solo | All versions |
| V | | All versions | Nxp I.mx 6duallite | All versions |
| W | | All versions | Nxp I.mx 6solox | All versions |
| X | | All versions | Nxp I.mx 6dual | All versions |
| Y | | All versions | Nxp I.mx 6quad | All versions |
| Z | | All versions | Nxp I.mx 6quadplus | All versions |
| A | | All versions | Nxp I.mx 6dualplus | All versions |
| B | | All versions | Nxp I.mx 28 | All versions |
| C | | All versions | Nxp I.mx 7dual | All versions |
| D | | All versions | Nxp I.mx 7solo | All versions |
References (4)
Source: ics-cert@hq.dhs.gov
Third Party Advisory, US Government Resource, VDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory, VDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory, US Government Resource, VDB Entry