Skip to content
This repository has been archived by the owner on Apr 25, 2019. It is now read-only.

Detects Windows and Linux systems with enabled Trusted Platform Modules (TPM) vulnerable to CVE-2017-15361. #nsacyber

License

Notifications You must be signed in to change notification settings

nsacyber/Detect-CVE-2017-15361-TPM

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Detect Trusted Platform Modules Vulnerable to CVE-2017-15361

This repository provides content for aiding DoD administrators in detecting systems that have an enabled Trusted Platform Module (TPM) that is vulnerable to CVE-2017-15361 and is a companion to Information Assurance Advisory RSA Key Generation Vulnerability Affecting Trusted Platform Modules. The files in this repository can be downloaded as a zip file here.

The main files of interest in the repository include:

  • windows/Detect-CVE-2017-15361-TPM.audit - a custom Nessus audit file useful for DoD administrators who want to scan Windows systems on their network with Nessus (acquire via the ACAS program). TPM 1.2 and TPM 2.0 devices are supported.
  • windows/Detect-CVE-2017-15361-TPM.ps1 - a PowerShell script useful for DoD administrators who want to locally test a single, standalone system. TPM 1.2 and TPM 2.0 devices are supported.
  • linux/Detect-CVE-2017-15361-TPM.audit - a custom Nessus audit file useful for DoD administrators who want to scan Linux systems on their network with Nessus (acquire via the ACAS program). Only TPM 1.2 devices are supported.
  • linux/Detect-CVE-2017-15361-TPM.sh - a bash script useful for DoD users who want to locally test a single, standalone Linux system. Only TPM 1.2 devices are supported.

Support files in the repository include:

  • GenerateWindowsNessusAuditFile.ps1 - a PowerShell script that generates the Detect-CVE-2017-15361-TPM.audit file for Windows based on code in the Detect-CVE-2017-15361-TPM.ps1 file.

Infineon TPM firmware versions affected:

  • 4.0 - 4.33
  • 4.4 - 4.42
  • 5.0 - 5.61
  • 6.0 - 6.42
  • 7.0 - 7.61
  • 133.0 - 133.32
  • 149.0 - 149.32

Links

Original research identifying the issue:

More information about the vulnerability:

More information on operating system patches and TPM firmware updates:

More information about other devices that are affected:

Tools for checking if your RSA key is affected:

License

See LICENSE.

Disclaimer

See DISCLAIMER.