CVE-2016-6257

The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack."

CVSS v3.0 6.5 MEDIUM
CVSS v2.0 3.3 LOW

6.5^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

3.3^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:A/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 6.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://www.bastille.net/research/vulnerabilities/keyjack	Third Party Advisory
https://github.com/BastilleResearch/keyjack/blob/master/doc/advisories/bastille-13.lenovo-ultraslim.public.txt	Third Party Advisory
https://support.lenovo.com/product_security/len_7267	Vendor Advisory
http://www.securityfocus.com/bid/92179	Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:amazonbasics:firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:amazonbasics:usb_dongle:-:::::::*
	cpe:2.3:h:amazonbasics:wireless_keyboard:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:o:dell:km714_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:dell:km714_dongle:-:::::::*
	cpe:2.3:h:dell:km714_wireless_keyboard:-:::::::*

Configuration 3 (hide)

AND

cpe:2.3:o:dell:km632_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:dell:km632_dongle:-:::::::*
	cpe:2.3:h:dell:km632_wireless_keyboard:-:::::::*

Configuration 4 (hide)

AND

OR	cpe:2.3:o:logitech:unifying_firmware::::::::
	cpe:2.3:o:logitech:unifying_firmware::::::::

cpe:2.3:h:logitech:unifying_dongle:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:lenovo:ultraslim_firmware:-:*:*:*:*:*:*:*

OR	cpe:2.3:h:lenovo:ultraslim_wireless_keyboard:-:::::::*
	cpe:2.3:h:lenovo:ultraslim_dongle:-:::::::*

Information

Published : 2016-08-02 07:59

Updated : 2021-04-22 14:21

NVD link : CVE-2016-6257

Mitre link : CVE-2016-6257

JSON object : View

CWE

CWE-310

Cryptographic Issues

Products Affected

logitech

unifying_dongle
unifying_firmware

dell

km632_firmware
km714_dongle
km632_wireless_keyboard
km714_wireless_keyboard
km632_dongle
km714_firmware

amazonbasics

usb_dongle
wireless_keyboard
firmware

lenovo

ultraslim_firmware
ultraslim_dongle
ultraslim_wireless_keyboard

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.bastille.net/research/vulnerabilities/keyjack", "name": "https://www.bastille.net/research/vulnerabilities/keyjack", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://github.com/BastilleResearch/keyjack/blob/master/doc/advisories/bastille-13.lenovo-ultraslim.public.txt", "name": "https://github.com/BastilleResearch/keyjack/blob/master/doc/advisories/bastille-13.lenovo-ultraslim.public.txt", "tags": ["Third Party Advisory"], "refsource": "MISC"}, {"url": "https://support.lenovo.com/product_security/len_7267", "name": "https://support.lenovo.com/product_security/len_7267", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/92179", "name": "92179", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a \"KeyJack injection attack.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-310"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2016-6257", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 3.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}}, "publishedDate": "2016-08-02T14:59Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:amazonbasics:firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:amazonbasics:usb_dongle:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:amazonbasics:wireless_keyboard:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:km714_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "012.005.00028"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:km714_dongle:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:dell:km714_wireless_keyboard:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:dell:km632_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:dell:km632_dongle:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:dell:km632_wireless_keyboard:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:logitech:unifying_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "024.003.00027"}, {"cpe23Uri": "cpe:2.3:o:logitech:unifying_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "012.005.00028"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:logitech:unifying_dongle:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:lenovo:ultraslim_firmware:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:lenovo:ultraslim_wireless_keyboard:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:lenovo:ultraslim_dongle:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-04-22T21:21Z"}

6.5 /10

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

3.3 /10

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

JSON object

Attach tags to CVE-2016-6257

6.5^/10

3.3^/10

Attach tags to `CVE-2016-6257`