Vulnerabilities > CVE-2018-12332 - Incomplete Cleanup vulnerability in Ecos Secure Boot Stick Firmware 5.6.5

CVSS 4.2 - MEDIUM

Attack vector

PHYSICAL

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

high complexity

ecos

CWE-459

NVD

Published: 2018-06-17

Updated: 2019-10-03

Summary

Incomplete Cleanup vulnerability in ECOS Secure Boot Stick (aka SBS) 5.6.5 allows an attacker to compromise authentication and encryption keys via a compromised host PC after a reset.

Vulnerable Configurations

Part	Description	Count
OS	Ecos Ecos Secure Boot Stick Firmware 5.6.5	1
Hardware	Ecos Ecos Secure Boot Stick -	1

Common Weakness Enumeration (CWE)

CWE-459 - Incomplete Cleanup

References

https://telematik.prakinf.tu-ilmenau.de/ecos-sbs/advisory.html