Published: 21/09/2022 Updated: 22/09/2022
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

Vulnerability Summary

A vulnerability in Keylime prior to 6.3.0 allows an malicious user to craft a request to the agent that resets the U and V keys as if the agent were being re-added to a verifier. This could lead to a remote code execution.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

keylime keylime

Mailing Lists

Hello list, I have been reviewing the Keylime TPM remote attestation solution [1] which resulted in a number of security related findings, including an arbitrary remote code execution in the Keylime Agent component The upstream project published security advisories, fixes and an update strategy to Keylime version 63X today Please find the deta ...