CVE-2021-3011

Published Jan 7, 2021

Last updated 3 months ago

CVSS medium 4.2

Overview

Description: An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. It allows attackers to extract the ECDSA private key after extensive physical access (and consequently produce a clone). This was demonstrated on the Google Titan Security Key, based on an NXP A7005a chip. Other FIDO U2F security keys are also impacted (Yubico YubiKey Neo and Feitian K9, K13, K21, and K40) as well as several NXP JavaCard smartcards (J3A081, J2A081, J3A041, J3D145_M59, J2D145_M59, J3D120_M60, J3D082_M60, J2D120_M60, J2D082_M60, J3D081_M59, J2D081_M59, J3D081_M61, J2D081_M61, J3D081_M59_DF, J3D081_M61_DF, J3E081_M64, J3E081_M66, J2E081_M64, J3E041_M66, J3E016_M66, J3E016_M64, J3E041_M64, J3E145_M64, J3E120_M65, J3E082_M65, J2E145_M64, J2E120_M65, J2E082_M65, J3E081_M64_DF, J3E081_M66_DF, J3E041_M66_DF, J3E016_M66_DF, J3E041_M64_DF, and J3E016_M64_DF).
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.2
Impact score: 3.6
Exploitability score: 0.5
Vector string: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 1.9
Impact score: 2.9
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-670

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:ftsafe:k13:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C371A9EB-9913-47B6-B700-52AA684BEB83"
          },
          {
            "criteria": "cpe:2.3:h:ftsafe:k21:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B74A66D7-2BBA-4948-92C2-9C95708A52F6"
          },
          {
            "criteria": "cpe:2.3:h:ftsafe:k40:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F8157B9-62EA-4D8C-BAA5-3E06D6D2BC6E"
          },
          {
            "criteria": "cpe:2.3:h:ftsafe:k9:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6002CC8B-FA41-41D5-9155-2E968833B245"
          },
          {
            "criteria": "cpe:2.3:h:google:titan_security_key:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3898349-B3AA-4A52-B596-6134A8C761BA"
          },
          {
            "criteria": "cpe:2.3:h:nxp:3a081:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3562892-1B90-4C6F-ADF6-9B9315A97D85"
          },
          {
            "criteria": "cpe:2.3:h:nxp:a7005a:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B72F8FB7-55F6-4BF2-B178-E75135907FD3"
          },
          {
            "criteria": "cpe:2.3:h:nxp:j2a081:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FF331FEC-7AD1-4A29-AD96-0B1FDDDDF70C"
          },
          {
            "criteria": "cpe:2.3:h:nxp:j2d081_m59:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D7BB5400-8634-4CCE-BC17-ADEEC3A24097"
          },
          {
            "criteria": "cpe:2.3:h:nxp:j2d081_m61:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3DA83214-E840-4522-875F-96ED46B5D068"
          },
          {
            "criteria": "cpe:2.3:h:nxp:j2d082_m60:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F32A1832-015C-421D-B570-D37BA3DC4AE1"
          },
          {
            "criteria": "cpe:2.3:h:nxp:j2d120_m60:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7300C2AB-30EE-424B-9E0F-AE2F67D215BD"
          },
          {
            "criteria": "cpe:2.3:h:nxp:j2d145_m59:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4BEA4901-319E-4A3C-9393-B32C23C5FCF4"
          },
          {
            "criteria": "cpe:2.3:h:nxp:j2e081_m64:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B597069C-1B95-4C29-B1E6-9C46297D1621"
          },
          {
            "criteria": "cpe:2.3:h:nxp:j2e082_m65:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E7E0363-585F-4310-8E93-F8DE8044AA5E"
          },
          {
            "criteria": "cpe:2.3:h:nxp:j2e120_m65:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51B0362D-BAF3-4BA0-BCE2-0852012C1423"
          },
          {
            "criteria": "cpe:2.3:h:nxp:j2e145_m64:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38F010FF-A3C7-44B6-A99B-6EAF42CAEF22"
          },
          {
            "criteria": "cpe:2.3:h:nxp:j3a041:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D93C794-F9E5-4D7B-BF05-EE51BFF2F794"
          },
          {
            "criteria": "cpe:2.3:h:nxp:j3d081_m59:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4DF9D4FF-9ADA-4B42-9591-6D5227861EFA"
          },
          {
            "criteria": "cpe:2.3:h:nxp:j3d081_m59_df:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "682345E4-9A4D-486D-9924-A2D7433F57AA"
          },
          {
            "criteria": "cpe:2.3:h:nxp:j3d081_m61:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9223E194-B6D7-42A8-8362-4D3246EDFB56"
          },
          {
            "criteria": "cpe:2.3:h:nxp:j3d081_m61_df:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5789608-2A02-4332-818C-429234174C0E"
          },
          {
            "criteria": "cpe:2.3:h:nxp:j3d082_m60:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "091BA771-F84E-46BF-9E75-A249E1BF5CF4"
          },
          {
            "criteria": "cpe:2.3:h:nxp:j3d120_m60:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB660B5B-A473-4C9D-BC88-87BE8CB2E955"
          },
          {
            "criteria": "cpe:2.3:h:nxp:j3d145_m59:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA287167-585B-4847-8590-168D8E41205D"
          },
          {
            "criteria": "cpe:2.3:h:nxp:j3e016_m64:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4115F576-AF8F-4BF1-A2C4-FDA7CE918B82"
          },
          {
            "criteria": "cpe:2.3:h:nxp:j3e016_m64_df:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C98E519-621A-4D49-B32B-7D72A22E0447"
          },
          {
            "criteria": "cpe:2.3:h:nxp:j3e016_m66:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8CE8EF22-82E3-4F36-94A2-DA7C84462667"
          },
          {
            "criteria": "cpe:2.3:h:nxp:j3e016_m66_df:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE3B9214-0A5D-4CDF-A7A9-16EF0F2431EC"
          },
          {
            "criteria": "cpe:2.3:h:nxp:j3e041_m64:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AFD017E8-0225-4D37-8A41-5EE088ADEE54"
          },
          {
            "criteria": "cpe:2.3:h:nxp:j3e041_m64_df:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "007D7B9E-D431-482B-A576-68DAAA07C037"
          },
          {
            "criteria": "cpe:2.3:h:nxp:j3e041_m66:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB41A3E7-EF91-4182-AC47-70C9B23FF7F4"
          },
          {
            "criteria": "cpe:2.3:h:nxp:j3e041_m66_df:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22163B7D-4A6F-4DF3-8F93-8D6FD5809DA3"
          },
          {
            "criteria": "cpe:2.3:h:nxp:j3e081_m64:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A590808-A5DB-4EBC-8523-0A4AEC200D9C"
          },
          {
            "criteria": "cpe:2.3:h:nxp:j3e081_m64_df:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4C6E1109-7E28-4FB3-BED1-C879223496D6"
          },
          {
            "criteria": "cpe:2.3:h:nxp:j3e081_m66:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F19FEED6-094A-480C-AE55-4D07A22C0B21"
          },
          {
            "criteria": "cpe:2.3:h:nxp:j3e081_m66_df:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DBEA8BFE-CFFC-4F8A-9DA0-EBDCEE3FC190"
          },
          {
            "criteria": "cpe:2.3:h:nxp:j3e082_m65:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C719CEF5-FAB5-49E2-95DB-8F5B8512911C"
          },
          {
            "criteria": "cpe:2.3:h:nxp:j3e120_m65:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "840BE528-2E2F-4B56-ABF4-945593059AB7"
          },
          {
            "criteria": "cpe:2.3:h:nxp:j3e145_m64:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "293D83EA-BECC-41FD-B196-5F78634F0C72"
          },
          {
            "criteria": "cpe:2.3:h:nxp:p5010:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58633538-559B-4754-8CC7-8773B4471599"
          },
          {
            "criteria": "cpe:2.3:h:nxp:p5020:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1A91708-A1D7-4BB1-899E-67119D76AAD1"
          },
          {
            "criteria": "cpe:2.3:h:nxp:p5021:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A1C0F199-D373-4DDF-8C11-35F4C55F27F6"
          },
          {
            "criteria": "cpe:2.3:h:nxp:p5040:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8432727D-A0E2-49C1-9F90-91A6F5A940CD"
          },
          {
            "criteria": "cpe:2.3:h:yubico:yubikey_neo:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "850230EE-E2A8-4BE7-A1D3-2C36D1A89C7E"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References