CVE-2022-30330

medium

Description

In the KeepKey firmware before 7.3.2,Flaws in the supervisor interface can be exploited to bypass important security restrictions on firmware operations. Using these flaws, malicious firmware code can elevate privileges, permanently make the device inoperable or overwrite the trusted bootloader code to compromise the hardware wallet across reboots or storage wipes.

References

https://github.com/keepkey/keepkey-firmware/releases/tag/v7.3.2

https://github.com/keepkey/keepkey-firmware/commit/447c1f038a31378ab9589965c098467d9ea6cccc

Details

Source: Mitre, NVD

Published: 2022-05-07

Risk Information

CVSS v2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 6.6

Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: Medium