CVE-2023-25758

Опубликовано: 14 фев. 2023

Источник: nvd

CVSS3: 4.2

EPSS Низкий

Описание

Onekey Touch devices through 4.0.0 and Onekey Mini devices through 2.10.0 allow man-in-the-middle attackers to obtain the seed phase. The man-in-the-middle access can only be obtained after disassembling a device (i.e., here, "man-in-the-middle" does not refer to the attacker's position on an IP network). NOTE: the vendor states that "our hardware team has updated the security patch without anyone being affected."

Ссылки

https://blog.onekey.so/our-response-to-recent-security-fix-reports-13914fea8afd
Vendor Advisory
https://fortune.com/crypto/2023/02/09/cyber-firm-cracks-onekey-crypto-wallets-in-video-raises-questions-hardware-security/amp/
Third Party Advisory
https://github.com/OneKeyHQ/firmware
Product
https://blog.onekey.so/our-response-to-recent-security-fix-reports-13914fea8afd
Vendor Advisory
https://fortune.com/crypto/2023/02/09/cyber-firm-cracks-onekey-crypto-wallets-in-video-raises-questions-hardware-security/amp/
Third Party Advisory
https://github.com/OneKeyHQ/firmware
Product

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:onekey:onekey_touch_firmware:*:*:*:*:*:*:*:*

Версия до 4.0.0 (включая)

cpe:2.3:h:onekey:onekey_touch:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:onekey:onekey_mini_firmware:*:*:*:*:*:*:*:*

Версия до 2.10.0 (включая)

cpe:2.3:h:onekey:onekey_mini:-:*:*:*:*:*:*:*

EPSS

Процентиль: 27%

0.00096

Низкий

4.2 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

GHSA-3x3j-cw3j-2xvc