PT-2021-23474 · Mentor Graphics · Modelsim Simulation+1

Published

2021-12-14

Updated

2021-12-20

CVE-2021-42023

CVSS v2.0

2.1

Low

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions ModelSim Simulation (all versions) Questa Simulation (all versions)

Description A vulnerability has been identified that affects the RSA white-box implementation in the affected applications. This vulnerability insufficiently protects the built-in private keys required to decrypt electronic intellectual property (IP) data in accordance with the IEEE 1735 recommended practice. As a result, a sophisticated attacker could potentially discover the keys and bypass the intended protection.

Recommendations For ModelSim Simulation (all versions), consider restricting access to the private keys until a proper fix is implemented. For Questa Simulation (all versions), avoid using the affected RSA white-box implementation for decrypting electronic intellectual property (IP) data until the issue is resolved.

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2021-42023

Affected Products

Modelsim Simulation

Questa Simulation

PT-2021-23474 · Mentor Graphics · Modelsim Simulation+1

CVE-2021-42023

Weakness Enumeration

Related Identifiers

Affected Products

References · 2