Unknown
CVE-2024-45678
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
Add References:
CVE-2024-45678
MITRE ATT&CK
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Topic Tags
Description
Yubico YubiKey 5 Series devices with firmware before 5.7.0 and YubiHSM 2 devices with firmware before 2.4.0 allow an ECDSA secret-key extraction attack (that requires physical access and expensive equipment) in which an electromagnetic side channel is present because of a non-constant-time modular inversion for the Extended Euclidean Algorithm, aka the EUCLEAK issue. Other uses of an Infineon cryptographic library may also be affected.
Add Assessment
No one has assessed this topic. Be the first to add your voice to the community.
CVSS V3 Severity and Metrics
General Information
Vendors
- yubico
Products
- security key c nfc by yubico firmware,
- security key nfc by yubico firmware,
- yubihsm 2 fips firmware,
- yubihsm 2 firmware,
- yubikey 5 nano fips firmware,
- yubikey 5 nano firmware,
- yubikey 5 nfc fips firmware,
- yubikey 5 nfc firmware,
- yubikey 5c fips firmware,
- yubikey 5c firmware,
- yubikey 5c nano fips firmware,
- yubikey 5c nano firmware,
- yubikey 5c nfc fips firmware,
- yubikey 5c nfc firmware,
- yubikey 5ci fips firmware,
- yubikey 5ci firmware,
- yubikey bio firmware,
- yubikey c bio firmware
References
Miscellaneous
Additional Info
Technical Analysis
Report as Emergent Threat Response
Report as Exploited in the Wild
CVE ID
AttackerKB requires a CVE ID in order to pull vulnerability data and references from the CVE list and the National Vulnerability Database. If available, please supply below:
