CVE-2017-7932

EUVD-2017-16903
An improper certificate validation issue was discovered in NXP i.MX 28 i.MX 50, i.MX 53, i.MX 7Solo i.MX 7Dual Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, and i.MX 6QuadPlus. When the device is configured in security enabled configuration, under certain conditions it is possible to bypass the signature verification by using a specially crafted certificate leading to the execution of an unsigned image.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6 MEDIUM
PHYSICAL
HIGH
NONE
CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 9%
Affected Products (NVD)
VendorProductVersion
nxpvybrid_mvf30nn151cku26_firmware
-
nxpvybrid_mvf30ns151cku26_firmware
-
nxpvybrid_mvf50nn151cmk40_firmware
-
nxpvybrid_mvf50nn151cmk50_firmware
-
nxpvybrid_mvf50ns151cmk40_firmware
-
nxpvybrid_mvf50ns151cmk50_firmware
-
nxpvybrid_mvf51nn151cmk50_firmware
-
nxpvybrid_mvf51ns151cmk50_firmware
-
nxpvybrid_mvf60nn151cmk40_firmware
-
nxpvybrid_mvf60ns151cmk40_firmware
-
nxpvybrid_mvf60nn151cmk50_firmware
-
nxpvybrid_mvf60ns151cmk50_firmware
-
nxpvybrid_mvf61nn151cmk50_firmware
-
nxpvybrid_mvf61ns151cmk50_firmware
-
nxpvybrid_mvf62nn151cmk40_firmware
-
nxpi.mx_50_firmware
-
nxpi.mx_53_firmware
-
nxpi.mx_6ull_firmware
-
nxpi.mx_6ultralite_firmware
-
nxpi.mx_6sololite_firmware
-
nxpi.mx_6solo_firmware
-
nxpi.mx_6duallite_firmware
-
nxpi.mx_6solox_firmware
-
nxpi.mx_6dual_firmware
-
nxpi.mx_6quad_firmware
-
nxpi.mx_6quadplus_firmware
-
nxpi.mx_6dualplus_firmware
-
nxpi.mx_28_firmware
-
nxpi.mx_7dual_firmware
-
nxpi.mx_7solo_firmware
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/99966
https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02
http://www.securityfocus.com/bid/99966
https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02