National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Vulnerability Change Record for CVE-2017-13095

Change History

Initial Analysis - 9/19/2018 11:18:41 AM

Action Type Old Value New Value
Added CWE
CWE-310
Added Evaluator Description
According to https://www.kb.cert.org/vuls/id/739007:
The P1735 IEEE standard describes methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts.
<br />

Commercial electronic design automation (EDA) tools that utilize the P1735 standard, or products designed with such EDA tools may be vulnerable.
<br />
The CPE configuration provided is likely not inclusive of all vulnerable products.  Please contact the vendor of your product for more information.
Changed Reference Type
http://www.securityfocus.com/bid/101699 No Types Assigned
http://www.securityfocus.com/bid/101699 Third Party Advisory, VDB Entry
Changed Reference Type
https://www.kb.cert.org/vuls/id/739007 No Types Assigned
https://www.kb.cert.org/vuls/id/739007 Third Party Advisory, US Government Resource
Added CVSS V3
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Added CVSS V2
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Added CPE Configuration
OR
     *cpe:2.3:o:-:-:-:*:*:*:*:*:*:*