Unknown
CVE-2021-3011
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
CVE-2021-3011
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. It allows attackers to extract the ECDSA private key after extensive physical access (and consequently produce a clone). This was demonstrated on the Google Titan Security Key, based on an NXP A7005a chip. Other FIDO U2F security keys are also impacted (Yubico YubiKey Neo and Feitian K9, K13, K21, and K40) as well as several NXP JavaCard smartcards (J3A081, J2A081, J3A041, J3D145_M59, J2D145_M59, J3D120_M60, J3D082_M60, J2D120_M60, J2D082_M60, J3D081_M59, J2D081_M59, J3D081_M61, J2D081_M61, J3D081_M59_DF, J3D081_M61_DF, J3E081_M64, J3E081_M66, J2E081_M64, J3E041_M66, J3E016_M66, J3E016_M64, J3E041_M64, J3E145_M64, J3E120_M65, J3E082_M65, J2E145_M64, J2E120_M65, J2E082_M65, J3E081_M64_DF, J3E081_M66_DF, J3E041_M66_DF, J3E016_M66_DF, J3E041_M64_DF, and J3E016_M64_DF).
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
General Information
Products
- 3a081 -,
- a7005a -,
- j2a081 -,
- j2d081 m59 -,
- j2d081 m61 -,
- j2d082 m60 -,
- j2d120 m60 -,
- j2d145 m59 -,
- j2e081 m64 -,
- j2e082 m65 -,
- j2e120 m65 -,
- j2e145 m64 -,
- j3a041 -,
- j3d081 m59 -,
- j3d081 m59 df -,
- j3d081 m61 -,
- j3d081 m61 df -,
- j3d082 m60 -,
- j3d120 m60 -,
- j3d145 m59 -,
- j3e016 m64 -,
- j3e016 m64 df -,
- j3e016 m66 -,
- j3e016 m66 df -,
- j3e041 m64 -,
- j3e041 m64 df -,
- j3e041 m66 -,
- j3e041 m66 df -,
- j3e081 m64 -,
- j3e081 m64 df -,
- j3e081 m66 -,
- j3e081 m66 df -,
- j3e082 m65 -,
- j3e120 m65 -,
- j3e145 m64 -,
- k13 -,
- k21 -,
- k40 -,
- k9 -,
- p5010 -,
- p5020 -,
- p5021 -,
- p5040 -,
- titan security key -,
- yubikey neo -
References
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Zero-day Exploit
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
