CVE-2017-7932 Information
Feb 14, 2021
cve
Description
An improper certificate validation issue was discovered in NXP i.MX 28 i.MX 50 i.MX 53 i.MX 7Solo i.MX 7Dual Vybrid VF3xx Vybrid VF5xx Vybrid VF6xx i.MX 6ULL i.MX 6UltraLite i.MX 6SoloLite i.MX 6Solo i.MX 6DualLite i.MX 6SoloX i.MX 6Dual i.MX 6Quad i.MX 6DualPlus and i.MX 6QuadPlus. When the device is configured in security enabled configuration under certain conditions it is possible to bypass the signature verification by using a specially crafted certificate leading to the execution of an unsigned image.
CVSS Vector
CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H
Reference
http://www.securityfocus.com/bid/99966 https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
LOW
Availability Impact
HIGH
Base Score
HIGH
Base Severity
6.0
Share on: