CVE-2017-7932

MEDIUM

NXP Vybrid Mvf30nn151cku26 Firmware - Improper Certificate Validation

Title source: rule

Description

An improper certificate validation issue was discovered in NXP i.MX 28 i.MX 50, i.MX 53, i.MX 7Solo i.MX 7Dual Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, and i.MX 6QuadPlus. When the device is configured in security enabled configuration, under certain conditions it is possible to bypass the signature verification by using a specially crafted certificate leading to the execution of an unsigned image.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/99966

[Third Party Advisory, US Government Resource, VDB Entry] https://ics-cert.us-cert.gov/advisories/ICSA-17-152-02

Scores

CVSS v3 6.0

EPSS 0.0003

EPSS Percentile 9.2%

Attack Vector PHYSICAL

CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:H

Details

CWE

CWE-295

Status published

Products (31)

nxp/vybrid_mvf30nn151cku26_firmware

nxp/vybrid_mvf30ns151cku26_firmware

nxp/vybrid_mvf50nn151cmk40_firmware

nxp/vybrid_mvf50nn151cmk50_firmware

nxp/vybrid_mvf50ns151cmk40_firmware

nxp/vybrid_mvf50ns151cmk50_firmware

nxp/vybrid_mvf51nn151cmk50_firmware

nxp/vybrid_mvf51ns151cmk50_firmware

nxp/vybrid_mvf60nn151cmk40_firmware

nxp/vybrid_mvf60ns151cmk40_firmware

... and 21 more

Published Aug 07, 2017

Tracked Since Feb 18, 2026