Vulnerability Description
An issue was discovered on MECO USB Memory Stick with Fingerprint MECOZiolsamDE601 devices. The fingerprint authentication requirement for data access can be bypassed. An attacker with physical access can send a static packet to a serial port exposed on the PCB to unlock the key and get access to the data without possessing the required fingerprint.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Meco | Usb Memory Stick With Fingerprint Firmware | - |
| Meco | Usb Memory Stick With Fingerprint | - |
Related Weaknesses (CWE)
References
- https://gist.github.com/audebert/ef6e206a27ededd1386cff48604e9335 (Third Party Advisory)
- https://www.blackhat.com/docs/us-17/thursday/us-17-Picod-Attacking-Encrypted-USB
- https://www.blackhat.com/us-17/briefings/schedule/index.html#attacking-encrypted (Third Party Advisory)
- https://www.elie.net/talk/attacking-encrypted-usb-keys-the-hardware-way (Third Party Advisory)
FAQ
What is CVE-2017-16242?
CVE-2017-16242 is a vulnerability with a CVSS score of 6.8 (MEDIUM). An issue was discovered on MECO USB Memory Stick with Fingerprint MECOZiolsamDE601 devices. The fingerprint authentication requirement for data access can be bypassed. An attacker with physical access...
How severe is CVE-2017-16242?
CVE-2017-16242 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2017-16242?
Check the references section above for vendor advisories and patch information. Affected products include: Meco Usb Memory Stick With Fingerprint Firmware, Meco Usb Memory Stick With Fingerprint.