CVE-2016-6257 Information

Description

The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861 Ultraslim Wireless and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack."

CVSS Vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Reference

http://www.securityfocus.com/bid/92179
https://github.com/BastilleResearch/keyjack/blob/master/doc/advisories/bastille-13.lenovo-ultraslim.public.txt
https://support.lenovo.com/product_security/len_7267
https://www.bastille.net/research/vulnerabilities/keyjack

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

6.5

Base Severity

MEDIUM
