Medium severity6.0NVD Advisory· Published Aug 7, 2017· Updated May 13, 2026

CVE-2017-7932

Description

An improper certificate validation issue was discovered in NXP i.MX 28 i.MX 50, i.MX 53, i.MX 7Solo i.MX 7Dual Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, and i.MX 6QuadPlus. When the device is configured in security enabled configuration, under certain conditions it is possible to bypass the signature verification by using a specially crafted certificate leading to the execution of an unsigned image.

Affected products

Nxp/I.mx 28 Firmware
cpe:2.3:o:nxp:i.mx_28_firmware:-:*:*:*:*:*:*:*
Nxp/I.mx 50 Firmware
cpe:2.3:o:nxp:i.mx_50_firmware:-:*:*:*:*:*:*:*
Nxp/I.mx 53 Firmware
cpe:2.3:o:nxp:i.mx_53_firmware:-:*:*:*:*:*:*:*
Nxp/I.mx 6dual Firmware
cpe:2.3:o:nxp:i.mx_6dual_firmware:-:*:*:*:*:*:*:*
Nxp/I.mx 6duallite Firmware
cpe:2.3:o:nxp:i.mx_6duallite_firmware:-:*:*:*:*:*:*:*
Nxp/I.mx 6dualplus Firmware
cpe:2.3:o:nxp:i.mx_6dualplus_firmware:-:*:*:*:*:*:*:*
Nxp/I.mx 6quad Firmware
cpe:2.3:o:nxp:i.mx_6quad_firmware:-:*:*:*:*:*:*:*
Nxp/I.mx 6quadplus Firmware
cpe:2.3:o:nxp:i.mx_6quadplus_firmware:-:*:*:*:*:*:*:*
Nxp/I.mx 6solo Firmware
cpe:2.3:o:nxp:i.mx_6solo_firmware:-:*:*:*:*:*:*:*
Nxp/I.mx 6sololite Firmware
cpe:2.3:o:nxp:i.mx_6sololite_firmware:-:*:*:*:*:*:*:*
Nxp/I.mx 6solox Firmware
cpe:2.3:o:nxp:i.mx_6solox_firmware:-:*:*:*:*:*:*:*
Nxp/I.mx 6ull Firmware
cpe:2.3:o:nxp:i.mx_6ull_firmware:-:*:*:*:*:*:*:*
Nxp/I.mx 6ultralite Firmware
cpe:2.3:o:nxp:i.mx_6ultralite_firmware:-:*:*:*:*:*:*:*
Nxp/I.mx 7dual Firmware
cpe:2.3:o:nxp:i.mx_7dual_firmware:-:*:*:*:*:*:*:*
Nxp/I.mx 7solo Firmware
cpe:2.3:o:nxp:i.mx_7solo_firmware:-:*:*:*:*:*:*:*
Nxp/Vybrid Mvf30nn151cku26 Firmware
cpe:2.3:o:nxp:vybrid_mvf30nn151cku26_firmware:-:*:*:*:*:*:*:*
Nxp/Vybrid Mvf30ns151cku26 Firmware
cpe:2.3:o:nxp:vybrid_mvf30ns151cku26_firmware:-:*:*:*:*:*:*:*
Nxp/Vybrid Mvf50nn151cmk40 Firmware
cpe:2.3:o:nxp:vybrid_mvf50nn151cmk40_firmware:-:*:*:*:*:*:*:*
Nxp/Vybrid Mvf50nn151cmk50 Firmware
cpe:2.3:o:nxp:vybrid_mvf50nn151cmk50_firmware:-:*:*:*:*:*:*:*
Nxp/Vybrid Mvf50ns151cmk40 Firmware
cpe:2.3:o:nxp:vybrid_mvf50ns151cmk40_firmware:-:*:*:*:*:*:*:*
Nxp/Vybrid Mvf50ns151cmk50 Firmware
cpe:2.3:o:nxp:vybrid_mvf50ns151cmk50_firmware:-:*:*:*:*:*:*:*
Nxp/Vybrid Mvf51nn151cmk50 Firmware
cpe:2.3:o:nxp:vybrid_mvf51nn151cmk50_firmware:-:*:*:*:*:*:*:*
Nxp/Vybrid Mvf51ns151cmk50 Firmware
cpe:2.3:o:nxp:vybrid_mvf51ns151cmk50_firmware:-:*:*:*:*:*:*:*
Nxp/Vybrid Mvf60nn151cmk40 Firmware
cpe:2.3:o:nxp:vybrid_mvf60nn151cmk40_firmware:-:*:*:*:*:*:*:*
Nxp/Vybrid Mvf60nn151cmk50 Firmware
cpe:2.3:o:nxp:vybrid_mvf60nn151cmk50_firmware:-:*:*:*:*:*:*:*
Nxp/Vybrid Mvf60ns151cmk40 Firmware
cpe:2.3:o:nxp:vybrid_mvf60ns151cmk40_firmware:-:*:*:*:*:*:*:*
Nxp/Vybrid Mvf60ns151cmk50 Firmware
cpe:2.3:o:nxp:vybrid_mvf60ns151cmk50_firmware:-:*:*:*:*:*:*:*
Nxp/Vybrid Mvf61nn151cmk50 Firmware
cpe:2.3:o:nxp:vybrid_mvf61nn151cmk50_firmware:-:*:*:*:*:*:*:*
Nxp/Vybrid Mvf61ns151cmk50 Firmware
cpe:2.3:o:nxp:vybrid_mvf61ns151cmk50_firmware:-:*:*:*:*:*:*:*
Nxp/Vybrid Mvf62nn151cmk40 Firmware
cpe:2.3:o:nxp:vybrid_mvf62nn151cmk40_firmware:-:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/99966nvdThird Party AdvisoryVDB Entry
ics-cert.us-cert.gov/advisories/ICSA-17-152-02nvdThird Party AdvisoryUS Government ResourceVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.390
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000