CVE-2017-7932

MEDIUM

NXP i.MX and Vybrid Firmware - Improper Certificate Validation


Description

An improper certificate validation issue was discovered in NXP i.MX 28, i.MX 50, i.MX 53, i.MX 7Solo, i.MX 7Dual, Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, and i.MX 6QuadPlus. When the device is configured in a security-enabled configuration, under certain conditions it is possible to bypass the signature verification by using a specially crafted certificate, leading to the execution of an unsigned image.

References (2)

Core References
Third Party Advisory, US Government Resource, VDB Entry x_refsource_misc
https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/99966

Scores

CVSS v3 6.0
EPSS 0.0026
EPSS Percentile 17.0%
Attack Vector PHYSICAL
CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H

Details

CWE
CWE-295
Status published
Products (31)
n/a/NXP i.MX Product Family NXP i.MX Product Family
nxp/i.mx_28_firmware
nxp/i.mx_50_firmware
nxp/i.mx_53_firmware
nxp/i.mx_6dual_firmware
nxp/i.mx_6duallite_firmware
nxp/i.mx_6dualplus_firmware
nxp/i.mx_6quad_firmware
nxp/i.mx_6quadplus_firmware
nxp/i.mx_6solo_firmware
... and 21 more
Published Aug 07, 2017
Tracked Since Feb 18, 2026