CVE-2017-8360 — MEDIUM (5.5)

Q: How severe is CVE-2017-8360?

CVE-2017-8360 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-8360?

Check the references section above for vendor advisories and patch information. Affected products include: Conexant Mictray64, Hp Elite X2 1012 G1, Hp Elitebook 1030 G1, Hp Elitebook 725 G3, Hp Elitebook 745 G3.

Vulnerability Description

Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKeyboardProc Windows hook is used to capture keystrokes. This data is leaked via unintended channels: debug messages accessible to any process that is running in the current user session, and filesystem access to C:\Users\Public\MicTray.log by any process.

CVSS Score

5.5

MEDIUM

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Conexant	Mictray64	<= 1.0.0.46
Hp	Elite X2 1012 G1	-
Hp	Elitebook 1030 G1	-
Hp	Elitebook 725 G3	-
Hp	Elitebook 745 G3	-
Hp	Elitebook 755 G3	-
Hp	Elitebook 820 G3	-
Hp	Elitebook 828 G3	-
Hp	Elitebook 840 G3	-
Hp	Elitebook 848 G3	-
Hp	Elitebook 850 G3	-
Hp	Elitebook Folio 1040 G3	-
Hp	Elitebook Folio G1	-
Hp	Probook 430 G3	-
Hp	Probook 440 G3	-
Hp	Probook 446 G3	-
Hp	Probook 450 G3	-
Hp	Probook 455 G3	-
Hp	Probook 470 G3	-
Hp	Probook 640 G2	-

Related Weaknesses (CWE)

CWE-200

References

http://www.securitytracker.com/id/1038527
https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txtExploitMitigationTechnical Description
https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packarExploitTechnical DescriptionThird Party Advisory
http://www.securitytracker.com/id/1038527
https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txtExploitMitigationTechnical Description
https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packarExploitTechnical DescriptionThird Party Advisory

FAQ

What is CVE-2017-8360?

CVE-2017-8360 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ProBook, and ZBook systems, leaks sensitive data (keystrokes) to any process. In mictray64.exe (mic tray icon) 1.0.0.46, a LowLevelKeyb...

How severe is CVE-2017-8360?

CVE-2017-8360 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-8360?

Check the references section above for vendor advisories and patch information. Affected products include: Conexant Mictray64, Hp Elite X2 1012 G1, Hp Elitebook 1030 G1, Hp Elitebook 725 G3, Hp Elitebook 745 G3.