CVE-2016-6257

EUVD-2016-7187
The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack."
Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | Primary | 6.5 MEDIUM | ADJACENT_NETWORK | LOW | NONE | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score (percentile): 77%
Affected Products (NVD)
Vendor | Product | Version
amazonbasics | firmware | -
dell | km714_firmware | 𝑥 ≤ 012.005.00028
dell | km632_firmware | -
logitech | unifying_firmware | 𝑥 ≤ 012.005.00028
logitech | unifying_firmware | 𝑥 ≤ 024.003.00027
lenovo | ultraslim_firmware | -

𝑥 = Vulnerable software versions
Common Weakness Enumeration