The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack."
References
| Link | Resource |
|---|---|
| https://www.bastille.net/research/vulnerabilities/keyjack | Third Party Advisory |
| https://github.com/BastilleResearch/keyjack/blob/master/doc/advisories/bastille-13.lenovo-ultraslim.public.txt | Third Party Advisory |
| https://support.lenovo.com/product_security/len_7267 | Vendor Advisory |
| http://www.securityfocus.com/bid/92179 | Third Party Advisory VDB Entry |
Advertisement
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Information
Published : 2016-08-02 07:59
Updated : 2021-04-22 14:21
NVD link : CVE-2016-6257
Mitre link : CVE-2016-6257
JSON object : View
CWE
CWE-310
Cryptographic Issues
Advertisement
Products Affected
logitech
- unifying_dongle
- unifying_firmware
dell
- km632_firmware
- km714_dongle
- km632_wireless_keyboard
- km714_wireless_keyboard
- km632_dongle
- km714_firmware
amazonbasics
- usb_dongle
- wireless_keyboard
- firmware
lenovo
- ultraslim_firmware
- ultraslim_dongle
- ultraslim_wireless_keyboard