U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2017-13097

Change History

Initial Analysis by NIST 9/19/2018 10:41:04 AM

Action Type Old Value New Value
Added CVSS V3

								
							
							
						
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Added CVSS V2

								
							
							
						
(AV:L/AC:L/Au:N/C:P/I:P/A:P)
Added CWE

								
							
							
						
CWE-310
Added CPE Configuration

								
							
							
						
OR
     *cpe:2.3:o:-:-:-:*:*:*:*:*:*:*
Changed Reference Type
http://www.securityfocus.com/bid/101699 No Types Assigned
http://www.securityfocus.com/bid/101699 Third Party Advisory, VDB Entry
Changed Reference Type
https://www.kb.cert.org/vuls/id/739007 No Types Assigned
https://www.kb.cert.org/vuls/id/739007 Third Party Advisory, US Government Resource
Added Evaluator Description

								
							
							
						
According to https://www.kb.cert.org/vuls/id/739007:
The P1735 IEEE standard describes methods for encrypting electronic-design intellectual property (IP), as well as the management of access rights for such IP. The methods are flawed and, in the most egregious cases, enable attack vectors that allow recovery of the entire underlying plaintext IP. Implementations of IEEE P1735 may be weak to cryptographic attacks that allow an attacker to obtain plaintext intellectual property without the key, among other impacts.
<br />

Commercial electronic design automation (EDA) tools that utilize the P1735 standard, or products designed with such EDA tools may be vulnerable.
<br />
The CPE configuration provided is likely not inclusive of all vulnerable products.  Please contact the vendor of your product for more information.