vulnerability
Oracle Linux: CVE-2021-3565: ELSA-2021-4413: tpm2-tools security and enhancement update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:L/AC:L/Au:M/C:C/I:N/A:N) | May 25, 2021 | Nov 17, 2021 | Nov 29, 2024 |
Severity
4
CVSS
(AV:L/AC:L/Au:M/C:C/I:N/A:N)
Published
May 25, 2021
Added
Nov 17, 2021
Modified
Nov 29, 2024
Description
A flaw was found in tpm2-tools in versions before 5.1.1 and before 4.3.2. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality.
A flaw was found in tpm2-tools. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality.
A flaw was found in tpm2-tools. tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported. The highest threat from this vulnerability is to data confidentiality.
Solution
oracle-linux-upgrade-tpm2-tools
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.