BSA-2017-474

Brocade Fabric OS

2 more products

21649

23 December 2018

17 November 2017

Closed

Medium

5.9

N/A

CVE-2017-15361

Summary

Security Advisory ID : BSA-2017-474

Component : Infineon RSA Library

Revision : 2.0: Final

The Infineon RSA library version 1.02.013 in Infineon Trusted Platform Module (TPM) firmware mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. The keyspace required for a brute force search is lessened such that it is feasible to factorize keys under at least 2048 bits and obtain the RSA private key. The attacker needs only access to the victim's RSA public key generated by this library in order to calculate the private key.

Note that only RSA key generation is impacted. ECC is unaffected. RSA keys generated by other devices/libraries may also be used safely with this library.

Affected Products
No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by this vulnerability.

Workaround

There are no workarounds that address this vulnerability.

Revision History

Version Change Date
1.0 Initial Publication November 17, 2017
2.0 Updated to Fibre Channel only December 23, 2018