Vulnerability CVE-2021-3565

Vulnerability Name:

CVE-2021-3565 (CCN-203057)

Assigned:

2021-05-25

Published:

2021-05-25

Updated:

2022-04-25

Summary:

A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality.

CVSS v3 Severity:

5.9 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.2 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

4.4 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)
3.9 Low (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): High User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

4.9 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:S/C:C/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-798
CWE-200

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2021-3565

Source: CCN
Type: Red Hat Bugzilla - Bug 1964427
(CVE-2021-3565) - CVE-2021-3565 tpm2-tools: fixed AES wrapping key in tpm2_import

Source: MISC
Type: Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1964427

Source: XF
Type: UNKNOWN
tpm2-cve20213565-mitm(203057)

Source: CCN
Type: tpm2-tools GIT Repository
tpm2_import: fix fixed AES key CVE-2021-3565

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-00a15ad850

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-c970c02748

Vulnerable Configuration:

Configuration 1:

cpe:/a:tpm2-tools_project:tpm2-tools:*:*:*:*:*:*:*:* (Version < 4.3.2)

OR cpe:/a:tpm2-tools_project:tpm2-tools:*:*:*:*:*:*:*:* (Version >= 5.1 and < 5.1.1)

Configuration 2:

cpe:/o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7819	P	tpm2.0-tools-5.2-150400.4.6 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:724	P	Security update for freerdp (Important)	2022-09-02
oval:org.opensuse.security:def:3625	P	Security update for openssl-3 (Important)	2022-07-06
oval:org.opensuse.security:def:3212	P	libmspack0-0.4-14.4 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3441	P	avahi-0.6.32-32.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94553	P	fribidi-1.0.10-150400.1.7 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94842	P	tpm2.0-tools-5.2-150400.4.6 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:113541	P	tpm2.0-tools-5.1.1-3.2 on GA media (Moderate)	2022-01-17
oval:com.redhat.rhsa:def:20214413	P	RHSA-2021:4413: tpm2-tools security and enhancement update (Moderate)	2021-11-09
oval:org.opensuse.security:def:106935	P	tpm2.0-tools-5.1.1-3.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:101266	P	glibc-devel-32bit-2.31-7.20 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:111588	P	Security update for tpm2.0-tools (Moderate)	2021-07-11
oval:org.opensuse.security:def:111469	P	Security update for tpm2.0-tools (Moderate)	2021-06-27
oval:org.opensuse.security:def:107932	P	Security update for tpm2.0-tools (Moderate)	2021-06-17
oval:org.opensuse.security:def:97075	P	Security update for tpm2.0-tools (Moderate)	2021-06-17
oval:org.opensuse.security:def:73836	P	Security update for tpm2.0-tools (Moderate)	2021-06-17
oval:org.opensuse.security:def:97076	P	Security update for tpm2.0-tools (Moderate)	2021-06-17
oval:org.opensuse.security:def:64530	P	Security update for tpm2.0-tools (Moderate)	2021-06-17
oval:org.opensuse.security:def:101455	P	Security update for tpm2.0-tools (Moderate)	2021-06-17
oval:org.opensuse.security:def:117447	P	Security update for tpm2.0-tools (Moderate)	2021-06-17
oval:org.opensuse.security:def:64714	P	Security update for tpm2.0-tools (Moderate)	2021-06-17
oval:org.opensuse.security:def:73652	P	Security update for tpm2.0-tools (Moderate)	2021-06-17

BACK