CVE-2021-3565
Description
A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality.
Risk Information
Base Score: 5.9 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score (Exploitation Probability): 0.162
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| SUSE-SU-2021:1998-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) tpm2.0-tools-4.3.0-4.3.1.x86_64.rpm | Linux |
| SUSE-SU-2021:1998-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) tpm2.0-tools-debuginfo-4.3.0-4.3.1.x86_64.rpm | Linux |
| SUSE-SU-2021:1998-1 (SUSE Linux Enterprise Module for Basesystem 15-SP3) tpm2.0-tools-debugsource-4.3.0-4.3.1.x86_64.rpm | Linux |
| (RHSA-2021:4413) Moderate: security and enhancement update tpm2-tools-4.1.1-5.el8.x86_64.rpm | Linux |
| (RHSA-2021:4413) Moderate: security and enhancement update tpm2-tools-debuginfo-4.1.1-5.el8.x86_64.rpm | Linux |
| (RHSA-2021:4413) Moderate: security and enhancement update tpm2-tools-debugsource-4.1.1-5.el8.x86_64.rpm | Linux |
| tpm2-tools security and enhancement update (RLSA-2021:4413) tpm2-tools-4.1.1-5.el8.x86_64.rpm | Linux |
| Tpm2-tools update (ELSA-2021-4413) tpm2-tools-4.1.1-5.el8.x86_64.rpm | Linux |
| Moderate: tpm2-tools security and enhancement update tpm2-tools-4.1.1-5.el8.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234