Vulnerability Details : CVE-2017-16242
An issue was discovered on MECO USB Memory Stick with Fingerprint MECOZiolsamDE601 devices. The fingerprint authentication requirement for data access can be bypassed. An attacker with physical access can send a static packet to a serial port exposed on the PCB to unlock the key and get access to the data without possessing the required fingerprint.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2017-16242
- cpe:2.3:o:meco:usb_memory_stick_with_fingerprint_firwmare:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-16242
- 0.16%: Probability of exploitation activity in the next 30 days
- ~51%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-16242
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
6.8 | MEDIUM | CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.9 | 5.9 | NIST | |
CWE ids for CVE-2017-16242
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-16242
- https://www.elie.net/talk/attacking-encrypted-usb-keys-the-hardware-way
  Attacking encrypted USB keys the hard(ware) way - Black Hat USA 2017 (Third Party Advisory)
- https://gist.github.com/audebert/ef6e206a27ededd1386cff48604e9335
  CVE-2017-16242 · GitHub (Third Party Advisory)
- https://www.blackhat.com/us-17/briefings/schedule/index.html#attacking-encrypted-usb-keys-the-hardware-way-7443
  Attacking Encrypted USB Keys the Hard(ware) Way - Black Hat USA 2017 | Briefings Schedule (Third Party Advisory)
- https://www.blackhat.com/docs/us-17/thursday/us-17-Picod-Attacking-Encrypted-USB-Keys-The-Hard(ware)-Way.pdf