Description
A flawed protocol design in the Ledger Monero app before 1.5.1 for Ledger Nano and Ledger S devices allows a local attacker to extract the master spending key by sending crafted messages to this app selected on a PIN-entered Ledger connected to a host PC.
References
- Exploit, Third Party Advisory
- Exploit, Vendor Advisory
- Exploit, Third Party Advisory
- Exploit, Vendor Advisory
Vulnerable configurations
Configuration 1: versions before 1.5.1 (excluding)
All of
cpe:2.3:a:ledger:monero:*:*:*:*:*:*:*:*
One of
cpe:2.3:h:ledger:nano_s:-:*:*:*:*:*:*:*
cpe:2.3:h:ledger:nano_x:-:*:*:*:*:*:*:*
EPSS: 0.00591 (Low), percentile: 69%
CVSS3: 5.5 Medium
CVSS2: 2.1 Low
Weaknesses
CWE-327
Related vulnerabilities
github
more than 3 years ago
A flawed protocol design in the Ledger Monero app before 1.5.1 for Ledger Nano and Ledger S devices allows a local attacker to extract the master spending key by sending crafted messages to this app selected on a PIN-entered Ledger connected to a host PC.