Keylime 6.4.2

CPE Details

Keylime 6.4.2
keylime
keylime
6.4.2
2022-11-25
14h14 +00:00
2022-11-25
14h22 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:keylime:keylime:6.4.2:*:*:*:*:*:*:*

Informations

Vendor

keylime

Product

keylime

Version

6.4.2

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-38201 2023-08-25 16h15 +00:00 A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimate user, resulting in a breach of the integrity of the registrar database.
6.5
Medium
CVE-2023-3674 2023-07-19 18h25 +00:00 A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted.
2.8
Low
CVE-2022-3500 2022-11-21 23h00 +00:00 A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state but not verifying that anymore.
5.1
Medium
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.