CVE-2021-3011

An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. It allows attackers to extract the ECDSA private key after extensive physical access (and consequently produce a clone). This was demonstrated on the Google Titan Security Key, based on an NXP A7005a chip. Other FIDO U2F security keys are also impacted (Yubico YubiKey Neo and Feitian K9, K13, K21, and K40) as well as several NXP JavaCard smartcards (J3A081, J2A081, J3A041, J3D145_M59, J2D145_M59, J3D120_M60, J3D082_M60, J2D120_M60, J2D082_M60, J3D081_M59, J2D081_M59, J3D081_M61, J2D081_M61, J3D081_M59_DF, J3D081_M61_DF, J3E081_M64, J3E081_M66, J2E081_M64, J3E041_M66, J3E016_M66, J3E016_M64, J3E041_M64, J3E145_M64, J3E120_M65, J3E082_M65, J2E145_M64, J2E120_M65, J2E082_M65, J3E081_M64_DF, J3E081_M66_DF, J3E041_M66_DF, J3E016_M66_DF, J3E041_M64_DF, and J3E016_M64_DF).

CVSS v3 4.2 MEDIUM
CVSS v2.0 1.9 LOW

4.2^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.5 / Impact : 3.6

Attack Vector PHYSICAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

1.9^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://ninjalab.io/a-side-journey-to-titan/	Third Party Advisory
https://ninjalab.io/wp-content/uploads/2021/01/a_side_journey_to_titan.pdf	Exploit Technical Description Third Party Advisory
https://ninjalab.io/a-side-journey-to-titan/	Third Party Advisory
https://ninjalab.io/wp-content/uploads/2021/01/a_side_journey_to_titan.pdf	Exploit Technical Description Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:ftsafe:k13:-:::::::*
	cpe:2.3:h:ftsafe:k21:-:::::::*
	cpe:2.3:h:ftsafe:k40:-:::::::*
	cpe:2.3:h:ftsafe:k9:-:::::::*
	cpe:2.3:h:google:titan_security_key:-:::::::*
	cpe:2.3:h:nxp:3a081:-:::::::*
	cpe:2.3:h:nxp:a7005a:-:::::::*
	cpe:2.3:h:nxp:j2a081:-:::::::*
	cpe:2.3:h:nxp:j2d081_m59:-:::::::*
	cpe:2.3:h:nxp:j2d081_m61:-:::::::*
	cpe:2.3:h:nxp:j2d082_m60:-:::::::*
	cpe:2.3:h:nxp:j2d120_m60:-:::::::*
	cpe:2.3:h:nxp:j2d145_m59:-:::::::*
	cpe:2.3:h:nxp:j2e081_m64:-:::::::*
	cpe:2.3:h:nxp:j2e082_m65:-:::::::*
	cpe:2.3:h:nxp:j2e120_m65:-:::::::*
	cpe:2.3:h:nxp:j2e145_m64:-:::::::*
	cpe:2.3:h:nxp:j3a041:-:::::::*
	cpe:2.3:h:nxp:j3d081_m59:-:::::::*
	cpe:2.3:h:nxp:j3d081_m59_df:-:::::::*
	cpe:2.3:h:nxp:j3d081_m61:-:::::::*
	cpe:2.3:h:nxp:j3d081_m61_df:-:::::::*
	cpe:2.3:h:nxp:j3d082_m60:-:::::::*
	cpe:2.3:h:nxp:j3d120_m60:-:::::::*
	cpe:2.3:h:nxp:j3d145_m59:-:::::::*
	cpe:2.3:h:nxp:j3e016_m64:-:::::::*
	cpe:2.3:h:nxp:j3e016_m64_df:-:::::::*
	cpe:2.3:h:nxp:j3e016_m66:-:::::::*
	cpe:2.3:h:nxp:j3e016_m66_df:-:::::::*
	cpe:2.3:h:nxp:j3e041_m64:-:::::::*
	cpe:2.3:h:nxp:j3e041_m64_df:-:::::::*
	cpe:2.3:h:nxp:j3e041_m66:-:::::::*
	cpe:2.3:h:nxp:j3e041_m66_df:-:::::::*
	cpe:2.3:h:nxp:j3e081_m64:-:::::::*
	cpe:2.3:h:nxp:j3e081_m64_df:-:::::::*
	cpe:2.3:h:nxp:j3e081_m66:-:::::::*
	cpe:2.3:h:nxp:j3e081_m66_df:-:::::::*
	cpe:2.3:h:nxp:j3e082_m65:-:::::::*
	cpe:2.3:h:nxp:j3e120_m65:-:::::::*
	cpe:2.3:h:nxp:j3e145_m64:-:::::::*
	cpe:2.3:h:nxp:p5010:-:::::::*
	cpe:2.3:h:nxp:p5020:-:::::::*
	cpe:2.3:h:nxp:p5021:-:::::::*
	cpe:2.3:h:nxp:p5040:-:::::::*
	cpe:2.3:h:yubico:yubikey_neo:-:::::::*

History

21 Nov 2024, 06:20

Type	Values Removed	Values Added
References	~~() https://ninjalab.io/a-side-journey-to-titan/ - Third Party Advisory~~	() https://ninjalab.io/a-side-journey-to-titan/ - Third Party Advisory
References	~~() https://ninjalab.io/wp-content/uploads/2021/01/a_side_journey_to_titan.pdf - Exploit, Technical Description, Third Party Advisory~~	() https://ninjalab.io/wp-content/uploads/2021/01/a_side_journey_to_titan.pdf - Exploit, Technical Description, Third Party Advisory

15 Feb 2024, 21:20

Type	Values Removed	Values Added
CWE	~~CWE-203~~	CWE-670

20 Jul 2023, 18:53

Type	Values Removed	Values Added
CPE	cpe:2.3:h:nxp:smartmx3_p71d321:-:::::::* cpe:2.3:h:nxp:smartmx3_p71d320:-:::::::* cpe:2.3:h:nxp:smartmx2_p60:-:::::::*

Information

Published : 2021-01-07 16:15

Updated : 2024-11-21 06:20

NVD link : CVE-2021-3011

Mitre link : CVE-2021-3011

CVE.ORG link : CVE-2021-3011

JSON object : View

Products Affected

ftsafe

nxp

j3d081_m59
j3e081_m66
j3e082_m65
j3e016_m66
j3e016_m64
j3e081_m64_df
j3e016_m64_df
j3e081_m64
j3e145_m64
p5040
j2e120_m65
j3d081_m59_df
j2a081
j2d081_m61
j3d120_m60
j2e082_m65
p5010
j3d081_m61_df
j3e081_m66_df
j2d120_m60
3a081
j3e041_m64_df
j3a041
p5021
j3e041_m66
j3e016_m66_df
j2d145_m59
j2d082_m60
j3d081_m61
p5020
j2e081_m64
a7005a
j3e041_m66_df
j2d081_m59
j3e041_m64
j3e120_m65
j2e145_m64
j3d145_m59
j3d082_m60

yubico

yubikey_neo

google

titan_security_key

CWE

CWE-670

Always-Incorrect Control Flow Implementation

{"id": "CVE-2021-3011", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.2, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 0.5}]}, "published": "2021-01-07T16:15:12.120", "references": [{"url": "https://ninjalab.io/a-side-journey-to-titan/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://ninjalab.io/wp-content/uploads/2021/01/a_side_journey_to_titan.pdf", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://ninjalab.io/a-side-journey-to-titan/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://ninjalab.io/wp-content/uploads/2021/01/a_side_journey_to_titan.pdf", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-670"}]}], "descriptions": [{"lang": "en", "value": "An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. It allows attackers to extract the ECDSA private key after extensive physical access (and consequently produce a clone). This was demonstrated on the Google Titan Security Key, based on an NXP A7005a chip. Other FIDO U2F security keys are also impacted (Yubico YubiKey Neo and Feitian K9, K13, K21, and K40) as well as several NXP JavaCard smartcards (J3A081, J2A081, J3A041, J3D145_M59, J2D145_M59, J3D120_M60, J3D082_M60, J2D120_M60, J2D082_M60, J3D081_M59, J2D081_M59, J3D081_M61, J2D081_M61, J3D081_M59_DF, J3D081_M61_DF, J3E081_M64, J3E081_M66, J2E081_M64, J3E041_M66, J3E016_M66, J3E016_M64, J3E041_M64, J3E145_M64, J3E120_M65, J3E082_M65, J2E145_M64, J2E120_M65, J2E082_M65, J3E081_M64_DF, J3E081_M66_DF, J3E041_M66_DF, J3E016_M66_DF, J3E041_M64_DF, and J3E016_M64_DF)."}, {"lang": "es", "value": "Se detect\u00f3 un problema de canal lateral de ondas electromagn\u00e9ticas en los microcontroladores de seguridad NXP SmartMX / P5x y en los microcontroladores de autenticaci\u00f3n segura A7x, con CryptoLib versiones hasta v2.9. Permite a los atacantes extraer la clave privada ECDSA despu\u00e9s de un acceso f\u00edsico extenso (y en consecuencia producir un clon). Esto se demostr\u00f3 en la Google Titan Security Key, basada en un chip NXP A7005a. Tambi\u00e9n est\u00e1n afectadas otras claves de seguridad FIDO U2F (Yubico YubiKey Neo y Feitian K9, K13, K21 y K40), as\u00ed como varias tarjetas inteligentes NXP JavaCard (J3A081, J2A081, J3A041, J3D145_M59, J2D145_M59, J3D120D_M60, J3D120_M60, , J2D081_M59, J3D081_M61, J2D081_M61, J3D081_M59_DF, J3D081_M61_DF, J3E081_M64, J3E081_M66, J2E081_M64, J3E041_M66, J3E016_M66, J3E016_M64, J3E041_M64, J3E145_M64, J3E120_M65, J3E082_M65, J2E145_M64, J2E120_M65, J2E082_M65, J3E081_M64_DF, J3E081_M66_DF, J3E041_M66_DF, J3E016_M66_DF, J3E041_M64_DF, y J3E016_M64_DF)"}], "lastModified": "2024-11-21T06:20:44.607", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ftsafe:k13:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C371A9EB-9913-47B6-B700-52AA684BEB83"}, {"criteria": "cpe:2.3:h:ftsafe:k21:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B74A66D7-2BBA-4948-92C2-9C95708A52F6"}, {"criteria": "cpe:2.3:h:ftsafe:k40:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F8157B9-62EA-4D8C-BAA5-3E06D6D2BC6E"}, {"criteria": "cpe:2.3:h:ftsafe:k9:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6002CC8B-FA41-41D5-9155-2E968833B245"}, {"criteria": "cpe:2.3:h:google:titan_security_key:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3898349-B3AA-4A52-B596-6134A8C761BA"}, {"criteria": "cpe:2.3:h:nxp:3a081:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3562892-1B90-4C6F-ADF6-9B9315A97D85"}, {"criteria": "cpe:2.3:h:nxp:a7005a:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B72F8FB7-55F6-4BF2-B178-E75135907FD3"}, {"criteria": "cpe:2.3:h:nxp:j2a081:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF331FEC-7AD1-4A29-AD96-0B1FDDDDF70C"}, {"criteria": "cpe:2.3:h:nxp:j2d081_m59:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7BB5400-8634-4CCE-BC17-ADEEC3A24097"}, {"criteria": "cpe:2.3:h:nxp:j2d081_m61:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DA83214-E840-4522-875F-96ED46B5D068"}, {"criteria": "cpe:2.3:h:nxp:j2d082_m60:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F32A1832-015C-421D-B570-D37BA3DC4AE1"}, {"criteria": "cpe:2.3:h:nxp:j2d120_m60:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7300C2AB-30EE-424B-9E0F-AE2F67D215BD"}, {"criteria": "cpe:2.3:h:nxp:j2d145_m59:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BEA4901-319E-4A3C-9393-B32C23C5FCF4"}, {"criteria": "cpe:2.3:h:nxp:j2e081_m64:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B597069C-1B95-4C29-B1E6-9C46297D1621"}, {"criteria": "cpe:2.3:h:nxp:j2e082_m65:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E7E0363-585F-4310-8E93-F8DE8044AA5E"}, {"criteria": "cpe:2.3:h:nxp:j2e120_m65:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51B0362D-BAF3-4BA0-BCE2-0852012C1423"}, {"criteria": "cpe:2.3:h:nxp:j2e145_m64:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38F010FF-A3C7-44B6-A99B-6EAF42CAEF22"}, {"criteria": "cpe:2.3:h:nxp:j3a041:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D93C794-F9E5-4D7B-BF05-EE51BFF2F794"}, {"criteria": "cpe:2.3:h:nxp:j3d081_m59:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DF9D4FF-9ADA-4B42-9591-6D5227861EFA"}, {"criteria": "cpe:2.3:h:nxp:j3d081_m59_df:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "682345E4-9A4D-486D-9924-A2D7433F57AA"}, {"criteria": "cpe:2.3:h:nxp:j3d081_m61:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9223E194-B6D7-42A8-8362-4D3246EDFB56"}, {"criteria": "cpe:2.3:h:nxp:j3d081_m61_df:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5789608-2A02-4332-818C-429234174C0E"}, {"criteria": "cpe:2.3:h:nxp:j3d082_m60:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "091BA771-F84E-46BF-9E75-A249E1BF5CF4"}, {"criteria": "cpe:2.3:h:nxp:j3d120_m60:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DB660B5B-A473-4C9D-BC88-87BE8CB2E955"}, {"criteria": "cpe:2.3:h:nxp:j3d145_m59:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA287167-585B-4847-8590-168D8E41205D"}, {"criteria": "cpe:2.3:h:nxp:j3e016_m64:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4115F576-AF8F-4BF1-A2C4-FDA7CE918B82"}, {"criteria": "cpe:2.3:h:nxp:j3e016_m64_df:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C98E519-621A-4D49-B32B-7D72A22E0447"}, {"criteria": "cpe:2.3:h:nxp:j3e016_m66:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CE8EF22-82E3-4F36-94A2-DA7C84462667"}, {"criteria": "cpe:2.3:h:nxp:j3e016_m66_df:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE3B9214-0A5D-4CDF-A7A9-16EF0F2431EC"}, {"criteria": "cpe:2.3:h:nxp:j3e041_m64:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFD017E8-0225-4D37-8A41-5EE088ADEE54"}, {"criteria": "cpe:2.3:h:nxp:j3e041_m64_df:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "007D7B9E-D431-482B-A576-68DAAA07C037"}, {"criteria": "cpe:2.3:h:nxp:j3e041_m66:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB41A3E7-EF91-4182-AC47-70C9B23FF7F4"}, {"criteria": "cpe:2.3:h:nxp:j3e041_m66_df:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22163B7D-4A6F-4DF3-8F93-8D6FD5809DA3"}, {"criteria": "cpe:2.3:h:nxp:j3e081_m64:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A590808-A5DB-4EBC-8523-0A4AEC200D9C"}, {"criteria": "cpe:2.3:h:nxp:j3e081_m64_df:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C6E1109-7E28-4FB3-BED1-C879223496D6"}, {"criteria": "cpe:2.3:h:nxp:j3e081_m66:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F19FEED6-094A-480C-AE55-4D07A22C0B21"}, {"criteria": "cpe:2.3:h:nxp:j3e081_m66_df:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBEA8BFE-CFFC-4F8A-9DA0-EBDCEE3FC190"}, {"criteria": "cpe:2.3:h:nxp:j3e082_m65:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C719CEF5-FAB5-49E2-95DB-8F5B8512911C"}, {"criteria": "cpe:2.3:h:nxp:j3e120_m65:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "840BE528-2E2F-4B56-ABF4-945593059AB7"}, {"criteria": "cpe:2.3:h:nxp:j3e145_m64:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "293D83EA-BECC-41FD-B196-5F78634F0C72"}, {"criteria": "cpe:2.3:h:nxp:p5010:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58633538-559B-4754-8CC7-8773B4471599"}, {"criteria": "cpe:2.3:h:nxp:p5020:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1A91708-A1D7-4BB1-899E-67119D76AAD1"}, {"criteria": "cpe:2.3:h:nxp:p5021:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1C0F199-D373-4DDF-8C11-35F4C55F27F6"}, {"criteria": "cpe:2.3:h:nxp:p5040:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8432727D-A0E2-49C1-9F90-91A6F5A940CD"}, {"criteria": "cpe:2.3:h:yubico:yubikey_neo:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "850230EE-E2A8-4BE7-A1D3-2C36D1A89C7E"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

4.2 /10

Attack Vector PHYSICAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

1.9 /10

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

JSON object

Attach tags to CVE-2021-3011

4.2^/10

1.9^/10

Attach tags to `CVE-2021-3011`