CVE-2019-18671

Current Description

Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability could allow code execution or other forms of impact. It can be triggered by unauthenticated attackers and the interface is reachable via WebUSB.

Basic Data

Published: December 06, 2019
Last Modified: February 12, 2020
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-787
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 10.0
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 10.0
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • AND
    • OR - Configuration 1
      Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
      2.3 | OS | Keepkey | Keepkey Firmware | * | * | * | * | * | * | * | * | | | | 6.2.2
    • OR Running on/with:
      Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
      2.3 | Hardware | Keepkey | Keepkey | - | * | * | * | * | * | * | * | | | |

Vulnerable Software List

Vendor | Product | Versions
Keepkey | Keepkey Firmware | *

References

URL | Source | Tags
https://blog.inhq.net/posts/keepkey-CVE-2019-18671/ | MISC |
https://github.com/keepkey/keepkey-firmware/commit/b222c66cdd7c3203d917c80ba615082d309d80c3 | MISC | Patch, Third Party Advisory
https://medium.com/shapeshift-stories/keepkey-release-notes-v-6f7d2ec78065 | MISC | Release Notes, Third Party Advisory
https://medium.com/shapeshift-stories/shapeshift-security-update-8ec89bb1b4e3 | CONFIRM | Third Party Advisory