4.2 - CVE-2021-3011

Executive Summary

Informations
Name	CVE-2021-3011	First vendor Publication	2021-01-07
Vendor	Cve	Last vendor Modification	2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Overall CVSS Score	4.2
Base Score	4.2	Environmental Score	4.2
impact SubScore	3.6	Temporal Score	4.2
Exploitabality Sub Score	0.5

Attack Vector	Physical	Attack Complexity	High
Privileges Required	None	User Interaction	None
Scope	Unchanged	Confidentiality Impact	High
Integrity Impact	None	Availability Impact	None
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score	1.9	Attack Range	Local
Cvss Impact Score	2.9	Attack Complexity	Medium
Cvss Expoit Score	3.4	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. It allows attackers to extract the ECDSA private key after extensive physical access (and consequently produce a clone). This was demonstrated on the Google Titan Security Key, based on an NXP A7005a chip. Other FIDO U2F security keys are also impacted (Yubico YubiKey Neo and Feitian K9, K13, K21, and K40) as well as several NXP JavaCard smartcards (J3A081, J2A081, J3A041, J3D145_M59, J2D145_M59, J3D120_M60, J3D082_M60, J2D120_M60, J2D082_M60, J3D081_M59, J2D081_M59, J3D081_M61, J2D081_M61, J3D081_M59_DF, J3D081_M61_DF, J3E081_M64, J3E081_M66, J2E081_M64, J3E041_M66, J3E016_M66, J3E016_M64, J3E041_M64, J3E145_M64, J3E120_M65, J3E082_M65, J2E145_M64, J2E120_M65, J2E082_M65, J3E081_M64_DF, J3E081_M66_DF, J3E041_M66_DF, J3E016_M66_DF, J3E041_M64_DF, and J3E016_M64_DF).

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3011

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-670	Always-Incorrect Control Flow Implementation

CPE : Common Platform Enumeration

Type	Description	Count
Hardware	Ftsafe k13 cpe:2.3:h:ftsafe:k13:-:::::::*	1
Hardware	Ftsafe k21 cpe:2.3:h:ftsafe:k21:-:::::::*	1
Hardware	Ftsafe k40 cpe:2.3:h:ftsafe:k40:-:::::::*	1
Hardware	Ftsafe k9 cpe:2.3:h:ftsafe:k9:-:::::::*	1
Hardware	Google Titan Security Key cpe:2.3:h:google:titan_security_key:-:::::::*	1
Hardware	Nxp 3A081 cpe:2.3:h:nxp:3a081:-:::::::*	1
Hardware	Nxp a7005a cpe:2.3:h:nxp:a7005a:-:::::::*	1
Hardware	Nxp J2A081 cpe:2.3:h:nxp:j2a081:-:::::::*	1
Hardware	Nxp J2D081 M59 cpe:2.3:h:nxp:j2d081_m59:-:::::::*	1
Hardware	Nxp J2D081 M61 cpe:2.3:h:nxp:j2d081_m61:-:::::::*	1
Hardware	Nxp J2D082 M60 cpe:2.3:h:nxp:j2d082_m60:-:::::::*	1
Hardware	Nxp J2D120 M60 cpe:2.3:h:nxp:j2d120_m60:-:::::::*	1
Hardware	Nxp J2D145 M59 cpe:2.3:h:nxp:j2d145_m59:-:::::::*	1
Hardware	Nxp J2E081 M64 cpe:2.3:h:nxp:j2e081_m64:-:::::::*	1
Hardware	Nxp J2E082 M65 cpe:2.3:h:nxp:j2e082_m65:-:::::::*	1
Hardware	Nxp J2E120 M65 cpe:2.3:h:nxp:j2e120_m65:-:::::::*	1
Hardware	Nxp J2E145 M64 cpe:2.3:h:nxp:j2e145_m64:-:::::::*	1
Hardware	Nxp J3A041 cpe:2.3:h:nxp:j3a041:-:::::::*	1
Hardware	Nxp J3D081 M59 cpe:2.3:h:nxp:j3d081_m59:-:::::::*	1
Hardware	Nxp J3D081 M59 Df cpe:2.3:h:nxp:j3d081_m59_df:-:::::::*	1
Hardware	Nxp J3D081 M61 cpe:2.3:h:nxp:j3d081_m61:-:::::::*	1
Hardware	Nxp J3D081 M61 Df cpe:2.3:h:nxp:j3d081_m61_df:-:::::::*	1
Hardware	Nxp J3D082 M60 cpe:2.3:h:nxp:j3d082_m60:-:::::::*	1
Hardware	Nxp J3D120 M60 cpe:2.3:h:nxp:j3d120_m60:-:::::::*	1
Hardware	Nxp J3D145 M59 cpe:2.3:h:nxp:j3d145_m59:-:::::::*	1
Hardware	Nxp J3E016 M64 cpe:2.3:h:nxp:j3e016_m64:-:::::::*	1
Hardware	Nxp J3E016 M64 Df cpe:2.3:h:nxp:j3e016_m64_df:-:::::::*	1
Hardware	Nxp J3E016 M66 cpe:2.3:h:nxp:j3e016_m66:-:::::::*	1
Hardware	Nxp J3E016 M66 Df cpe:2.3:h:nxp:j3e016_m66_df:-:::::::*	1
Hardware	Nxp J3E041 M64 cpe:2.3:h:nxp:j3e041_m64:-:::::::*	1
Hardware	Nxp J3E041 M64 Df cpe:2.3:h:nxp:j3e041_m64_df:-:::::::*	1
Hardware	Nxp J3E041 M66 cpe:2.3:h:nxp:j3e041_m66:-:::::::*	1
Hardware	Nxp J3E041 M66 Df cpe:2.3:h:nxp:j3e041_m66_df:-:::::::*	1
Hardware	Nxp J3E081 M64 cpe:2.3:h:nxp:j3e081_m64:-:::::::*	1
Hardware	Nxp J3E081 M64 Df cpe:2.3:h:nxp:j3e081_m64_df:-:::::::*	1
Hardware	Nxp J3E081 M66 cpe:2.3:h:nxp:j3e081_m66:-:::::::*	1
Hardware	Nxp J3E081 M66 Df cpe:2.3:h:nxp:j3e081_m66_df:-:::::::*	1
Hardware	Nxp J3E082 M65 cpe:2.3:h:nxp:j3e082_m65:-:::::::*	1
Hardware	Nxp J3E120 M65 cpe:2.3:h:nxp:j3e120_m65:-:::::::*	1
Hardware	Nxp J3E145 M64 cpe:2.3:h:nxp:j3e145_m64:-:::::::*	1
Hardware	Nxp p5010 cpe:2.3:h:nxp:p5010:-:::::::*	1
Hardware	Nxp p5020 cpe:2.3:h:nxp:p5020:-:::::::*	1
Hardware	Nxp p5021 cpe:2.3:h:nxp:p5021:-:::::::*	1
Hardware	Nxp p5040 cpe:2.3:h:nxp:p5040:-:::::::*	1
Hardware	Yubico Yubikey Neo cpe:2.3:h:yubico:yubikey_neo:-:::::::*	1

Sources (Detail)

https://ninjalab.io/a-side-journey-to-titan/
https://ninjalab.io/wp-content/uploads/2021/01/a_side_journey_to_titan.pdf

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2024-11-28 13:55:42	Multiple Updates
2024-02-16 05:28:07	Multiple Updates
2023-07-21 00:27:52	Multiple Updates
2021-05-04 14:09:20	Multiple Updates
2021-04-22 03:14:47	Multiple Updates
2021-01-20 21:23:34	Multiple Updates
2021-01-08 00:23:00	Multiple Updates
2021-01-07 21:24:06	First insertion

4.2 - CVE-2021-3011

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Sources (Detail)

Alert History

Global Informations

Open Standards

COMPANY

STANDARDS

RECENT POSTS

MENU