Vulnerabilities > CVE-2019-16863 - Information Exposure Through Discrepancy vulnerability in ST products
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
STMicroelectronics ST33TPHF2ESPI TPM devices before 2019-09-12 allow attackers to extract the ECDSA private key via a side-channel timing attack because ECDSA scalar multiplication is mishandled, aka TPM-FAIL.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
The Hacker News
id | THN:BAA74F37E5ED293596C20A2281BF1267 |
last seen | 2019-11-13 |
modified | 2019-11-13 |
published | 2019-11-13 |
reporter | The Hacker News |
source | https://thehackernews.com/2019/11/tpm-encryption-keys-hacking.html |
title | Researchers Discover TPM-Fail Vulnerabilities Affecting Billions of Devices |
References
- http://tpm.fail
- http://tpm.fail
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190024
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV190024
- https://support.f5.com/csp/article/K32412503?utm_source=f5support&%3Butm_medium=RSS
- https://support.f5.com/csp/article/K32412503?utm_source=f5support&%3Butm_medium=RSS
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03972en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03972en_us
- https://support.lenovo.com/us/en/product_security/LEN-29406
- https://support.lenovo.com/us/en/product_security/LEN-29406
- https://www.st.com/content/st_com/en/campaigns/tpm-update.html
- https://www.st.com/content/st_com/en/campaigns/tpm-update.html