CVE-2021-3011
Published Jan 7, 2021
Last updated 9 months ago
Overview
- Description
- An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. It allows attackers to extract the ECDSA private key after extensive physical access (and consequently produce a clone). This was demonstrated on the Google Titan Security Key, based on an NXP A7005a chip. Other FIDO U2F security keys are also impacted (Yubico YubiKey Neo and Feitian K9, K13, K21, and K40) as well as several NXP JavaCard smartcards (J3A081, J2A081, J3A041, J3D145_M59, J2D145_M59, J3D120_M60, J3D082_M60, J2D120_M60, J2D082_M60, J3D081_M59, J2D081_M59, J3D081_M61, J2D081_M61, J3D081_M59_DF, J3D081_M61_DF, J3E081_M64, J3E081_M66, J2E081_M64, J3E041_M66, J3E016_M66, J3E016_M64, J3E041_M64, J3E145_M64, J3E120_M65, J3E082_M65, J2E145_M64, J2E120_M65, J2E082_M65, J3E081_M64_DF, J3E081_M66_DF, J3E041_M66_DF, J3E016_M66_DF, J3E041_M64_DF, and J3E016_M64_DF).
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 4.2
- Impact score
- 3.6
- Exploitability score
- 0.5
- Vector string
- CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 1.9
- Impact score
- 2.9
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-670
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:ftsafe:k13:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C371A9EB-9913-47B6-B700-52AA684BEB83"
},
{
"criteria": "cpe:2.3:h:ftsafe:k21:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B74A66D7-2BBA-4948-92C2-9C95708A52F6"
},
{
"criteria": "cpe:2.3:h:ftsafe:k40:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4F8157B9-62EA-4D8C-BAA5-3E06D6D2BC6E"
},
{
"criteria": "cpe:2.3:h:ftsafe:k9:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6002CC8B-FA41-41D5-9155-2E968833B245"
},
{
"criteria": "cpe:2.3:h:google:titan_security_key:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A3898349-B3AA-4A52-B596-6134A8C761BA"
},
{
"criteria": "cpe:2.3:h:nxp:3a081:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E3562892-1B90-4C6F-ADF6-9B9315A97D85"
},
{
"criteria": "cpe:2.3:h:nxp:a7005a:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B72F8FB7-55F6-4BF2-B178-E75135907FD3"
},
{
"criteria": "cpe:2.3:h:nxp:j2a081:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FF331FEC-7AD1-4A29-AD96-0B1FDDDDF70C"
},
{
"criteria": "cpe:2.3:h:nxp:j2d081_m59:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D7BB5400-8634-4CCE-BC17-ADEEC3A24097"
},
{
"criteria": "cpe:2.3:h:nxp:j2d081_m61:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3DA83214-E840-4522-875F-96ED46B5D068"
},
{
"criteria": "cpe:2.3:h:nxp:j2d082_m60:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F32A1832-015C-421D-B570-D37BA3DC4AE1"
},
{
"criteria": "cpe:2.3:h:nxp:j2d120_m60:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7300C2AB-30EE-424B-9E0F-AE2F67D215BD"
},
{
"criteria": "cpe:2.3:h:nxp:j2d145_m59:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4BEA4901-319E-4A3C-9393-B32C23C5FCF4"
},
{
"criteria": "cpe:2.3:h:nxp:j2e081_m64:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B597069C-1B95-4C29-B1E6-9C46297D1621"
},
{
"criteria": "cpe:2.3:h:nxp:j2e082_m65:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4E7E0363-585F-4310-8E93-F8DE8044AA5E"
},
{
"criteria": "cpe:2.3:h:nxp:j2e120_m65:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "51B0362D-BAF3-4BA0-BCE2-0852012C1423"
},
{
"criteria": "cpe:2.3:h:nxp:j2e145_m64:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "38F010FF-A3C7-44B6-A99B-6EAF42CAEF22"
},
{
"criteria": "cpe:2.3:h:nxp:j3a041:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1D93C794-F9E5-4D7B-BF05-EE51BFF2F794"
},
{
"criteria": "cpe:2.3:h:nxp:j3d081_m59:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4DF9D4FF-9ADA-4B42-9591-6D5227861EFA"
},
{
"criteria": "cpe:2.3:h:nxp:j3d081_m59_df:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "682345E4-9A4D-486D-9924-A2D7433F57AA"
},
{
"criteria": "cpe:2.3:h:nxp:j3d081_m61:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9223E194-B6D7-42A8-8362-4D3246EDFB56"
},
{
"criteria": "cpe:2.3:h:nxp:j3d081_m61_df:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B5789608-2A02-4332-818C-429234174C0E"
},
{
"criteria": "cpe:2.3:h:nxp:j3d082_m60:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "091BA771-F84E-46BF-9E75-A249E1BF5CF4"
},
{
"criteria": "cpe:2.3:h:nxp:j3d120_m60:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB660B5B-A473-4C9D-BC88-87BE8CB2E955"
},
{
"criteria": "cpe:2.3:h:nxp:j3d145_m59:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA287167-585B-4847-8590-168D8E41205D"
},
{
"criteria": "cpe:2.3:h:nxp:j3e016_m64:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4115F576-AF8F-4BF1-A2C4-FDA7CE918B82"
},
{
"criteria": "cpe:2.3:h:nxp:j3e016_m64_df:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4C98E519-621A-4D49-B32B-7D72A22E0447"
},
{
"criteria": "cpe:2.3:h:nxp:j3e016_m66:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8CE8EF22-82E3-4F36-94A2-DA7C84462667"
},
{
"criteria": "cpe:2.3:h:nxp:j3e016_m66_df:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DE3B9214-0A5D-4CDF-A7A9-16EF0F2431EC"
},
{
"criteria": "cpe:2.3:h:nxp:j3e041_m64:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AFD017E8-0225-4D37-8A41-5EE088ADEE54"
},
{
"criteria": "cpe:2.3:h:nxp:j3e041_m64_df:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "007D7B9E-D431-482B-A576-68DAAA07C037"
},
{
"criteria": "cpe:2.3:h:nxp:j3e041_m66:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CB41A3E7-EF91-4182-AC47-70C9B23FF7F4"
},
{
"criteria": "cpe:2.3:h:nxp:j3e041_m66_df:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "22163B7D-4A6F-4DF3-8F93-8D6FD5809DA3"
},
{
"criteria": "cpe:2.3:h:nxp:j3e081_m64:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9A590808-A5DB-4EBC-8523-0A4AEC200D9C"
},
{
"criteria": "cpe:2.3:h:nxp:j3e081_m64_df:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4C6E1109-7E28-4FB3-BED1-C879223496D6"
},
{
"criteria": "cpe:2.3:h:nxp:j3e081_m66:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F19FEED6-094A-480C-AE55-4D07A22C0B21"
},
{
"criteria": "cpe:2.3:h:nxp:j3e081_m66_df:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DBEA8BFE-CFFC-4F8A-9DA0-EBDCEE3FC190"
},
{
"criteria": "cpe:2.3:h:nxp:j3e082_m65:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C719CEF5-FAB5-49E2-95DB-8F5B8512911C"
},
{
"criteria": "cpe:2.3:h:nxp:j3e120_m65:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "840BE528-2E2F-4B56-ABF4-945593059AB7"
},
{
"criteria": "cpe:2.3:h:nxp:j3e145_m64:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "293D83EA-BECC-41FD-B196-5F78634F0C72"
},
{
"criteria": "cpe:2.3:h:nxp:p5010:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "58633538-559B-4754-8CC7-8773B4471599"
},
{
"criteria": "cpe:2.3:h:nxp:p5020:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F1A91708-A1D7-4BB1-899E-67119D76AAD1"
},
{
"criteria": "cpe:2.3:h:nxp:p5021:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A1C0F199-D373-4DDF-8C11-35F4C55F27F6"
},
{
"criteria": "cpe:2.3:h:nxp:p5040:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8432727D-A0E2-49C1-9F90-91A6F5A940CD"
},
{
"criteria": "cpe:2.3:h:yubico:yubikey_neo:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "850230EE-E2A8-4BE7-A1D3-2C36D1A89C7E"
}
],
"operator": "OR"
}
]
}
]