CVE-2021-3011

An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. It allows attackers to extract the ECDSA private key after extensive physical access (and consequently produce a clone). This was demonstrated on the Google Titan Security Key, based on an NXP A7005a chip. Other FIDO U2F security keys are also impacted (Yubico YubiKey Neo and Feitian K9, K13, K21, and K40) as well as several NXP JavaCard smartcards (J3A081, J2A081, J3A041, J3D145_M59, J2D145_M59, J3D120_M60, J3D082_M60, J2D120_M60, J2D082_M60, J3D081_M59, J2D081_M59, J3D081_M61, J2D081_M61, J3D081_M59_DF, J3D081_M61_DF, J3E081_M64, J3E081_M66, J2E081_M64, J3E041_M66, J3E016_M66, J3E016_M64, J3E041_M64, J3E145_M64, J3E120_M65, J3E082_M65, J2E145_M64, J2E120_M65, J2E082_M65, J3E081_M64_DF, J3E081_M66_DF, J3E041_M66_DF, J3E016_M66_DF, J3E041_M64_DF, and J3E016_M64_DF).

CVSS v3.0 4.2 MEDIUM
CVSS v2.0 1.9 LOW

4.2^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

1.9^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://ninjalab.io/wp-content/uploads/2021/01/a_side_journey_to_titan.pdf	Exploit Technical Description Third Party Advisory
https://ninjalab.io/a-side-journey-to-titan/	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:ftsafe:k13:-:::::::*
	cpe:2.3:h:ftsafe:k21:-:::::::*
	cpe:2.3:h:ftsafe:k40:-:::::::*
	cpe:2.3:h:ftsafe:k9:-:::::::*
	cpe:2.3:h:google:titan_security_key:-:::::::*
	cpe:2.3:h:nxp:3a081:-:::::::*
	cpe:2.3:h:nxp:a7005a:-:::::::*
	cpe:2.3:h:nxp:j2a081:-:::::::*
	cpe:2.3:h:nxp:j2d081_m59:-:::::::*
	cpe:2.3:h:nxp:j2d081_m61:-:::::::*
	cpe:2.3:h:nxp:j2d082_m60:-:::::::*
	cpe:2.3:h:nxp:j3a041:-:::::::*
	cpe:2.3:h:nxp:j3d145_m59:-:::::::*
	cpe:2.3:h:nxp:j2d145_m59:-:::::::*
	cpe:2.3:h:nxp:j3d120_m60:-:::::::*
	cpe:2.3:h:nxp:j3d082_m60:-:::::::*
	cpe:2.3:h:nxp:j2d120_m60:-:::::::*
	cpe:2.3:h:nxp:j3d081_m59:-:::::::*
	cpe:2.3:h:nxp:j3d081_m61:-:::::::*
	cpe:2.3:h:nxp:j3d081_m59_df:-:::::::*
	cpe:2.3:h:nxp:j3d081_m61_df:-:::::::*
	cpe:2.3:h:nxp:j2e081_m64:-:::::::*
	cpe:2.3:h:nxp:j3e041_m66:-:::::::*
	cpe:2.3:h:nxp:j3e016_m66:-:::::::*
	cpe:2.3:h:nxp:j3e016_m64:-:::::::*
	cpe:2.3:h:nxp:j3e041_m64:-:::::::*
	cpe:2.3:h:nxp:j2e145_m64:-:::::::*
	cpe:2.3:h:nxp:j2e120_m65:-:::::::*
	cpe:2.3:h:nxp:j2e082_m65:-:::::::*
	cpe:2.3:h:nxp:j3e041_m66_df:-:::::::*
	cpe:2.3:h:nxp:j3e016_m66_df:-:::::::*
	cpe:2.3:h:nxp:j3e041_m64_df:-:::::::*
	cpe:2.3:h:nxp:j3e016_m64_df:-:::::::*
	cpe:2.3:h:yubico:yubikey_neo:-:::::::*
	cpe:2.3:h:nxp:j3e081_m64:-:::::::*
	cpe:2.3:h:nxp:j3e081_m66:-:::::::*
	cpe:2.3:h:nxp:j3e145_m64:-:::::::*
	cpe:2.3:h:nxp:j3e120_m65:-:::::::*
	cpe:2.3:h:nxp:j3e082_m65:-:::::::*
	cpe:2.3:h:nxp:j3e081_m64_df:-:::::::*
	cpe:2.3:h:nxp:j3e081_m66_df:-:::::::*
	cpe:2.3:h:nxp:smartmx2_p60:-:::::::*
	cpe:2.3:h:nxp:smartmx3_p71d320:-:::::::*
	cpe:2.3:h:nxp:smartmx3_p71d321:-:::::::*
	cpe:2.3:h:nxp:p5040:-:::::::*
	cpe:2.3:h:nxp:p5021:-:::::::*
	cpe:2.3:h:nxp:p5020:-:::::::*
	cpe:2.3:h:nxp:p5010:-:::::::*

Information

Published : 2021-01-07 08:15

Updated : 2021-01-20 08:03

NVD link : CVE-2021-3011

Mitre link : CVE-2021-3011

JSON object : View

CWE

CWE-203

Observable Discrepancy

Products Affected

nxp

j3d081_m61
j2d145_m59
j2e081_m64
j3e081_m66
j3e016_m64
j3e041_m64
j3e081_m66_df
j3e016_m64_df
j3e016_m66
j2a081
j3e016_m66_df
j3e041_m66_df
smartmx3_p71d321
p5040
j2d082_m60
j3e120_m65
j3e041_m66
j3a041
smartmx2_p60
smartmx3_p71d320
j3d081_m61_df
a7005a
j3e082_m65
3a081
p5021
j3d081_m59_df
j3e081_m64
j3e145_m64
p5020
j3d145_m59
j2e120_m65
j2d081_m61
j3e041_m64_df
j2d120_m60
j3e081_m64_df
j3d082_m60
p5010
j2e145_m64
j2e082_m65
j3d120_m60
j2d081_m59
j3d081_m59

ftsafe

google

titan_security_key

yubico

yubikey_neo

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://ninjalab.io/wp-content/uploads/2021/01/a_side_journey_to_titan.pdf", "name": "https://ninjalab.io/wp-content/uploads/2021/01/a_side_journey_to_titan.pdf", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://ninjalab.io/a-side-journey-to-titan/", "name": "https://ninjalab.io/a-side-journey-to-titan/", "tags": ["Third Party Advisory"], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. It allows attackers to extract the ECDSA private key after extensive physical access (and consequently produce a clone). This was demonstrated on the Google Titan Security Key, based on an NXP A7005a chip. Other FIDO U2F security keys are also impacted (Yubico YubiKey Neo and Feitian K9, K13, K21, and K40) as well as several NXP JavaCard smartcards (J3A081, J2A081, J3A041, J3D145_M59, J2D145_M59, J3D120_M60, J3D082_M60, J2D120_M60, J2D082_M60, J3D081_M59, J2D081_M59, J3D081_M61, J2D081_M61, J3D081_M59_DF, J3D081_M61_DF, J3E081_M64, J3E081_M66, J2E081_M64, J3E041_M66, J3E016_M66, J3E016_M64, J3E041_M64, J3E145_M64, J3E120_M65, J3E082_M65, J2E145_M64, J2E120_M65, J2E082_M65, J3E081_M64_DF, J3E081_M66_DF, J3E041_M66_DF, J3E016_M66_DF, J3E041_M64_DF, and J3E016_M64_DF)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-203"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-3011", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.5}}, "publishedDate": "2021-01-07T16:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:ftsafe:k13:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:ftsafe:k21:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:ftsafe:k40:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:ftsafe:k9:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:google:titan_security_key:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:3a081:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:a7005a:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:j2a081:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:j2d081_m59:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:j2d081_m61:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:j2d082_m60:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:j3a041:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:j3d145_m59:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:j2d145_m59:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:j3d120_m60:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:j3d082_m60:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:j2d120_m60:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:j3d081_m59:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:j3d081_m61:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:j3d081_m59_df:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:j3d081_m61_df:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:j2e081_m64:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:j3e041_m66:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:j3e016_m66:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:j3e016_m64:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:j3e041_m64:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:j2e145_m64:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:j2e120_m65:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:j2e082_m65:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:j3e041_m66_df:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:j3e016_m66_df:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:j3e041_m64_df:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:j3e016_m64_df:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:yubico:yubikey_neo:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:j3e081_m64:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:j3e081_m66:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:j3e145_m64:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:j3e120_m65:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:j3e082_m65:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:j3e081_m64_df:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:j3e081_m66_df:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:smartmx2_p60:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:smartmx3_p71d320:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:smartmx3_p71d321:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:p5040:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:p5021:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:p5020:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:nxp:p5010:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2021-01-20T16:03Z"}

4.2 /10

Attack Vector PHYSICAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

1.9 /10

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2021-3011

4.2^/10

1.9^/10

Attach tags to `CVE-2021-3011`