CVE-2016-2616 is the case of HW_KEYMASTER with a fixed version 10.0.10.3. This vulnerability was disclosed to the vendor on Jan 21st, 2016 and has been fixed in the version 10.0.10.3/1.1.0.0. We recommend updating your system as soon as the vendor releases a patch to avoid possible security issues. End-users with automatic updates enabled are already patched.

HW_KEYMASTER Vulnerabilities 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 HW_KEYMASTER has several vulnerabilities, one of which is: Incorrect checking of data read. This may result in out-of-bounds access. To exploit this vulnerability, an attacker must convince a user to visit a malicious website or email, or gain access to an account where a user has access to the account of another user with this vulnerability.

CVE-2022-4080

CVE-2015-3324 is a vulnerability in the website's page. It is a cross-site scripting (XSS) vulnerability that allows attackers to execute arbitrary script code in the context of the user who views or interacts with it. When exploited, it can allow attackers to steal cookies and hijack sessions without any further action.

HW_KEYMASTER Vulnerabilities 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 CVE-2015-3324 is a vulnerability in the website's page. It is a cross-site scripting (XSS) vulnerability that allows attackers to execute arbitrary script code in the context of the user who views or interacts with it. When exploited, it can allow attackers to steal cookies and hijack sessions without any further action.

Summary of CVEs Confirmed For HW_KEYMASTER

CVE-2016-2616: Fixed in version 10.0.10.3/1.1.0.0
CVE-2022-41580: Fixed in version 10.0.10.3

Description of the issue

CVE-2016-2616 describes a vulnerability in the HW_KEYMASTER that was disclosed to the vendor on Jan 21st, 2016. This vulnerability has been fixed in version 10.0.10.3/1.1.0.0 and we recommend updating your system as soon as the vendor releases a patch to avoid possible security issues. End-users with automatic updates enabled are already patched, however it would be wise to update manually if you do not have automatic updates enabled.

Timeline

Published on: 10/14/2022 16:15:00 UTC
Last modified on: 10/18/2022 14:49:00 UTC

References