HOMEVULNERABILITIESCVE-2017-15361
MEDIUM

CVE-2017-15361

NVD-CWE-noinfoPublished: October 16, 2017· Updated: Jun 17, 2026

5.9
CVSS v3.1

Official Description

The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.

NVD Source

Technical Analysis

CVE-2017-15361 can be exploited remotely over the network without requiring physical or adjacent access, significantly expanding the attack surface for threat actors.

The vulnerability requires no privileges and no user interaction, making it a prime target for automated exploitation campaigns and worm-like propagation.

A successful exploit results in complete confidentiality breach (data exposure), with a CVSS base score of 5.9.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorNetwork
Attack ComplexityHigh
Privileges Req.None
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityHigh
IntegrityNone
AvailabilityNone
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Vendors & Products

acer20 product(s)
c720 chromebookchromebasechromebase 24chromebook 11 c730chromebook 11 c730echromebook 11 c735chromebook 11 c740chromebook 11 c771chromebook 11 c771tchromebook 11 n7 c731chromebook 13 cb5-311chromebook 14 cb3-431+8
aopen3 product(s)
chromebasechromeboxchromeboxi
asi1 product(s)
chromebook
asus11 product(s)
chromebit cs10chromebook c200chromebook c201pachromebook c202sachromebook c300chromebook c300sachromebook c301sachromebook flip c100pachromebook flip c302chromebox cn60chromebox cn62
bobicus1 product(s)
chromebook 11
ctl5 product(s)
j2 chromebookj4 chromebookj5 chromebookn6 chromebooknl61 chromebook
Dell6 product(s)
chromebook 11chromebook 11 3120chromebook 11 3189chromebook 11 model 3180chromebook 13 3380chromebox
edugear4 product(s)
chromebook kchromebook mchromebook rcmt chromebook
edxis2 product(s)
chromebookeducation chromebook
epik1 product(s)
chromebook elb1101
Google1 product(s)
pixel
haier4 product(s)
chromebook 11chromebook 11 cchromebook 11 g2chromebook 11e
hexa1 product(s)
chromebook pi
hisense1 product(s)
chromebook 11
HP20 product(s)
chromebookchromebook 11-vxxxchromebook 11 1100-1199chromebook 11 2000-2099chromebook 11 2100-2199chromebook 11 2200-2299chromebook 11 g1chromebook 11 g2chromebook 11 g3chromebook 11 g4\/g4 eechromebook 11 g5chromebook 11 g5 ee+8
infineon2 product(s)
trusted platform firmwarersa library
Lenovo11 product(s)
100s chromebookn20 chromebookn21 chromebookn22 chromebookn23 chromebookn23 flex 11 chromebookn23 yoga 11 chromebookn42 chromebookthinkcentre chromeboxthinkpad 11e chromebookthinkpad 13 chromebook
lg2 product(s)
chromebase 22cb25schromebase 22cv241
medion2 product(s)
akoya s2013chromebook s2015
mercer2 product(s)
chromebookv2 chromebook
Source: NVD CPE · 129 total CPE entries

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

Official Patches & Advisories

All References (44)

Quick Facts

CVE IDCVE-2017-15361
CVSS Score5.9 / 10
SeverityMEDIUM
CISA KEVNo
Affected20 vendor(s)
PublishedOct 16, 2017

Related CVEs (NVD-CWE-noinfo)

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2017-15361 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.