The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack."
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/92179 | Third Party Advisory VDB Entry |
https://github.com/BastilleResearch/keyjack/blob/master/doc/advisories/bastille-13.lenovo-ultraslim.public.txt | Third Party Advisory |
https://support.lenovo.com/product_security/len_7267 | Vendor Advisory |
https://www.bastille.net/research/vulnerabilities/keyjack | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
History
22 Apr 2021, 21:21
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:dell:km714_firmware:*:*:*:*:*:*:*:* |
Information
Published : 2016-08-02 14:59
Updated : 2023-12-10 11:46
NVD link : CVE-2016-6257
Mitre link : CVE-2016-6257
CVE.ORG link : CVE-2016-6257
JSON object : View
Products Affected
lenovo
- ultraslim_wireless_keyboard
- ultraslim_firmware
- ultraslim_dongle
logitech
- unifying_dongle
- unifying_firmware
amazonbasics
- wireless_keyboard
- firmware
- usb_dongle
dell
- km714_firmware
- km714_wireless_keyboard
- km632_dongle
- km714_dongle
- km632_wireless_keyboard
- km632_firmware
CWE
CWE-310
Cryptographic Issues