MEDIUM · 6.5

CVE-2016-6257

Vulnerability Description

The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack."

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector: ADJACENT_NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: NONE
Integrity: HIGH
Availability: NONE

Affected Products

| Vendor | Product | Versions |
|---|---|---|
| Amazonbasics | Firmware | - |
| Amazonbasics | Usb Dongle | - |
| Amazonbasics | Wireless Keyboard | - |
| Dell | Km714 Firmware | <= 012.005.00028 |
| Dell | Km714 Dongle | - |
| Dell | Km714 Wireless Keyboard | - |
| Dell | Km632 Firmware | - |
| Dell | Km632 Dongle | - |
| Dell | Km632 Wireless Keyboard | - |
| Logitech | Unifying Firmware | <= 012.005.00028 |
| Logitech | Unifying Dongle | - |
| Lenovo | Ultraslim Firmware | - |
| Lenovo | Ultraslim Dongle | - |
| Lenovo | Ultraslim Wireless Keyboard | - |

References

FAQ

What is CVE-2016-6257?

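CVE-2016-6257 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack."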

How severe is CVE-2016-6257?

CVE-2016-6257 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2016-6257?

Check the references section above for vendor advisories and patch information. Affected products include: Amazonbasics Firmware, Amazonbasics Usb Dongle, Amazonbasics Wireless Keyboard, Dell Km714 Firmware, Dell Km714 Dongle.