CVE Catalog

CVE-2023-3674

LowCVSS 2.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile — higher than 10% of all known CVEs

Summary

A flaw was found in the Keylime attestation verifier, which fails to flag a device as untrusted when the TPM quote's signature does not validate. Instead, it only logs an error.

Risk Assessment

The organization may be at risk as devices with invalid signatures could be treated as trusted, leading to potential security vulnerabilities.

Recommendation

It is recommended to update the Keylime verifier and monitor logs for potential issues with TPM signatures.

Original NVD description (English source)

A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS