
CVE-2018-6622

Published: 17/08/2018 Updated: 03/10/2019
CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.1 | Impact Score: 5.2 | Exploitability Score: 1.8
VMScore: 321
Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P

Vulnerability Summary

An issue exists that affects all producers of BIOS firmware who make a certain realistic interpretation of an obscure portion of the Trusted Computing Group (TCG) Trusted Platform Module (TPM) 2.0 specification. The firmware does not properly handle an abnormal case during S3 sleep, which can clear the TPM 2.0. This allows local users to overwrite the static PCRs of the TPM and neutralize its security features, such as seal/unseal and remote attestation.

Vulnerable Product

trustedcomputinggroup trusted platform module 2.0

Vendor Advisories

Potential security vulnerabilities have been identified with the Trusted Platform Module (TPM) that allow an unauthorized third party to modify the TPM configuration following an S3 Resume, allowing unauthorized access to the system and its data ...

Github Repositories


TPM vulnerability checking tool for CVE-2018-6622. This tool will be published at Black Hat Asia 2019 and Black Hat Europe 2019

Napper v13 for TPM
