This page is a living list of major, far-reaching vulnerabilities found in numerous or generic systems that I think it is wise to test any new system or environment for. Testing early means steps toward mitigation can be taken, and the system's provisioning, build, setup and initial configuration can be conducted in a way that is conscious of each issue and accounts for whatever realities it imposes. It is by no means a comprehensive or authoritative list, just a one-stop checklist I personally use to uncover what I consider to be serious and broadly applicable weaknesses. Those findings influence the use-cases in which I deploy a device or system, and the level of risk and trust I associate with it given where it is placed and what it is assigned to do. As with the other living lists on this site, I will continue to update this page as new information and experiences influence my understanding and broaden my field of view.
- CVE-2017-15361 Return of Coppersmith's Attack (ROCA): Vulnerable RSA generation in Infineon TPM Modules
- The Return of Coppersmith's Attack: Practical Factorization of Widely Used RSA Moduli
- UK National Cyber Security Centre (NCSC): ROCA: Infineon TPM and Secure Element RSA Vulnerability Guidance
- Microsoft Security Response Center (MSRC): ADV 170012: Vulnerability in TPM could allow Security Feature Bypass
- ROCA detection tool (https://github.com/crocs-muni/roca)
- ROCA Vulnerability Test Suite (online, browser-based implementation)
- Infineon Technologies vendor response: Information on TPM firmware update for Microsoft Windows systems as announced on Microsoft's patchday on October 10th 2017
- Windows PowerShell Infineon TPM ROCA Vulnerable Firmware Tester (tpm_roca_vulnerability_tester.ps1) from foxpa.ws downloads Telegram channel
- INTEL-SA-00086 CVE-2017-5705 CVE-2017-5706 CVE-2017-5707 CVE-2017-5708 CVE-2017-5709 CVE-2017-5710 CVE-2017-5711 CVE-2017-5712 Intel Management Engine Multiple Critical Local and Remote Buffer Overflow Vulnerabilities
- Intel® Active Management Technology (Intel® AMT) and Intel® Converged Security and Management Engine (Intel® CSME) Security Updates
- Intel Q3’17 ME 6.x/7.x/8.x/9.x/10.x/11.x, SPS 4.0, and TXE 3.0 Security Review Cumulative Update
- Intel® Management Engine Critical Firmware Update (Intel-SA-00086)
- Intel® Converged Security and Management Engine Version Detection Tool (Intel® CSMEVDT) (latest version, from Intel)
- Intel CSME Version Detection Tool (from foxpa.ws downloads Telegram channel)
- Intel® Converged Security and Management Engine (Intel® CSME) Detection Tool for Legacy Systems
- Intel CSME Version Detection Tool for Legacy Systems (from foxpa.ws downloads Telegram channel)
- The Register: Intel Management Engine pwned by buffer overflow (mitigations do not counter 3/10 CVEs)
- foxpa.ws: Intel vPro, Active Management Technology (AMT) and Management Engine (ME) Link Dump and Scratch Pad
- me_cleaner
- coreboot
- SPECTRE/Meltdown (fill me in!)
- Heartbleed (fill me in!)
- Shellshock (fill me in!)
Additional Resources: