CVE-2017-15361

MEDIUM

Infineon RSA library <1.02.013 - RCE

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 6 public exploits for CVE-2017-15361. PoCs published by nsacyber, titanous, 0xxon.

AI-analyzed exploit summary This repository contains detection scripts for CVE-2017-15361, a vulnerability in Infineon TPM firmware affecting RSA key generation. It includes scripts for Linux and Windows to check if a system's TPM is vulnerable.

Description

The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS.

Exploits (6)

nomisec SCANNER 61 stars
by nsacyber · poc
https://github.com/nsacyber/Detect-CVE-2017-15361-TPM

This repository contains detection scripts for CVE-2017-15361, a vulnerability in Infineon TPM firmware affecting RSA key generation. It includes scripts for Linux and Windows to check if a system's TPM is vulnerable.

Classification
Scanner 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Infineon TPM firmware versions 4.0-4.33, 4.4-4.42, 5.0-5.61, 6.0-6.42, 7.0-7.61, 133.0-133.32, 149.0-149.32
No auth needed
Prerequisites: Access to the system with TPM · TPM driver installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec SCANNER 16 stars
by titanous · poc
https://github.com/titanous/rocacheck

This repository provides a Go implementation of the ROCA vulnerability detection algorithm (CVE-2017-15361) to check if an RSA key was generated by flawed Infineon code. It includes a library and test cases for validating weak and strong keys.

Classification
Scanner 100%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Infineon-generated RSA keys (various versions)
No auth needed
Prerequisites: Access to RSA public keys for analysis
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 3 stars
by 0xxon · poc
https://github.com/0xxon/zeek-plugin-roca

This repository contains a Zeek plugin for detecting CVE-2017-15361 (ROCA vulnerability) in public keys. It implements the detection algorithm and provides BIFs to check certificates and moduli for vulnerability.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: Zeek (formerly Bro) with GMP library
No auth needed
Prerequisites: GMP library installed · Zeek environment
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec SCANNER 2 stars
by lva · poc
https://github.com/lva/Infineon-CVE-2017-15361

This PowerShell script checks if a system's Infineon TPM firmware is vulnerable to CVE-2017-15361 by comparing firmware versions against known affected ranges. It does not exploit the vulnerability but serves as a detection tool.

Classification
Scanner 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Infineon TPM firmware (various versions)
Auth required
Prerequisites: Administrator privileges · Windows 8.1 or later · Infineon TPM chip present
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by Elbarbons · poc
https://github.com/Elbarbons/ROCA-attack-on-vulnerability-CVE-2017-15361

This repository contains a proof-of-concept implementation of the ROCA attack (CVE-2017-15361), which exploits a vulnerability in RSA key generation to factorize weak RSA moduli. The code includes key generation, fingerprinting, and attack modules to demonstrate the vulnerability.

Classification
Working Poc 95%
Attack Type
Other
Complexity
Complex
Reliability
Reliable
Target: RSA libraries with vulnerable key generation (e.g., Infineon TPM)
No auth needed
Prerequisites: Vulnerable RSA key generated with weak primes
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec SCANNER
by 0xxon · poc
https://github.com/0xxon/roca

This code is a scanner for detecting RSA keys vulnerable to the ROCA vulnerability (CVE-2017-15361). It checks if a given modulus is vulnerable by testing specific mathematical properties.

Classification
Scanner 90%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Reliable
Target: RSA keys generated by Infineon TPMs (vulnerable to ROCA)
No auth needed
Prerequisites: A list of RSA moduli to test
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (22)

Core 22
Core References
Various Sources x_refsource_misc
https://blog.cr.yp.to/20171105-infineon.html
Mitigation, Third Party Advisory x_refsource_misc
https://monitor.certipath.com/rsatest
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012
Issue Tracking, Mitigation, Third Party Advisory x_refsource_misc
https://crocs.fi.muni.cz/public/papers/rsa_ccs17
Mitigation, Third Party Advisory x_refsource_confirm
http://support.lenovo.com/us/en/product_security/LEN-15552
Mitigation, Third Party Advisory x_refsource_misc
https://github.com/iadgov/Detect-CVE-2017-15361-TPM
Issue Tracking, Mitigation, Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/307015
Mitigation, Third Party Advisory x_refsource_misc
https://github.com/crocs-muni/roca
Issue Tracking, Mitigation, Patch, Third Party Advisory x_refsource_misc
https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update
Mitigation, Third Party Advisory x_refsource_confirm
https://www.yubico.com/support/security-advisories/ysa-2017-01/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/101484
Issue Tracking, Mitigation, Third Party Advisory x_refsource_misc
https://keychest.net/roca
Vendor Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20171024-0001/

Scores

CVSS v3 5.9
EPSS 0.7344
EPSS Percentile 98.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

Status published
Products (5)
infineon/rsa_library < 1.02.013
infineon/trusted_platform_firmware 4.31
infineon/trusted_platform_firmware 4.32
infineon/trusted_platform_firmware 6.40
infineon/trusted_platform_firmware 133.32
Published Oct 16, 2017
Tracked Since Feb 18, 2026