Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-7932

An improper certificate validation issue was discovered in NXP i.MX 28 i.MX 50, i.MX 53, i.MX 7Solo i.MX 7Dual Vybrid VF3xx, Vybrid VF5xx, Vybrid VF6xx, i.MX 6ULL, i.MX 6UltraLite, i.MX 6SoloLite, i.MX 6Solo, i.MX 6DualLite, i.MX 6SoloX, i.MX 6Dual, i.MX 6Quad, i.MX 6DualPlus, and i.MX 6QuadPlus. When the device is configured in security enabled configuration, under certain conditions it is possible to bypass the signature verification by using a specially crafted certificate leading to the execution of an unsigned image.

Security Impact Summary

This vulnerability carries a MEDIUM severity rating with a CVSS v3.1 score of 6.0, but requires specific conditions to be met without requiring user interaction and does not require pre-existing privileges . The vulnerability impacts limited data confidentiality, integrity (unauthorized modifications), and availability (service disruption) for affected systems. Impacting 60 products from nxp, from nxp, from nxp and 57 others, organizations running these solutions should prioritize assessment and patching.

Historical Context

First disclosed in 2017, this vulnerability was reported during a period defined by widespread IoT adoption challenges, mobile security concerns, and the emergence of advanced persistent threat (APT) techniques. Contemporary mitigation strategies focused on secure development practices and third-party component vetting.

Published

2017-08-07T08:29:00.307

Last Modified

2026-05-13T00:24:29.033

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 6.0 (MEDIUM)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:P/I:P/A:P

  • Access Vector: LOCAL
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

3.4

Impact Score

6.4

Weaknesses
  • Type: Secondary
    CWE-295
  • Type: Primary
    CWE-295
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System nxp vybrid_mvf30nn151cku26_firmware - Yes
Hardware nxp vybrid_mvf30nn151cku26 - No
Operating System nxp vybrid_mvf30ns151cku26_firmware - Yes
Hardware nxp vybrid_mvf30ns151cku26 - No
Operating System nxp vybrid_mvf50nn151cmk40_firmware - Yes
Hardware nxp vybrid_mvf50nn151cmk40 - No
Operating System nxp vybrid_mvf50nn151cmk50_firmware - Yes
Hardware nxp vybrid_mvf50nn151cmk50 - No
Operating System nxp vybrid_mvf50ns151cmk40_firmware - Yes
Hardware nxp vybrid_mvf50ns151cmk40 - No
Operating System nxp vybrid_mvf50ns151cmk50_firmware - Yes
Hardware nxp vybrid_mvf50ns151cmk50 - No
Operating System nxp vybrid_mvf51nn151cmk50_firmware - Yes
Hardware nxp vybrid_mvf51nn151cmk50 - No
Operating System nxp vybrid_mvf51ns151cmk50_firmware - Yes
Hardware nxp vybrid_mvf51ns151cmk50 - No
Operating System nxp vybrid_mvf60nn151cmk40_firmware - Yes
Hardware nxp vybrid_mvf60nn151cmk40 - No
Operating System nxp vybrid_mvf60ns151cmk40_firmware - Yes
Hardware nxp vybrid_mvf60ns151cmk40 - No
Operating System nxp vybrid_mvf60nn151cmk50_firmware - Yes
Hardware nxp vybrid_mvf60nn151cmk50 - No
Operating System nxp vybrid_mvf60ns151cmk50_firmware - Yes
Hardware nxp vybrid_mvf60ns151cmk50 - No
Operating System nxp vybrid_mvf61nn151cmk50_firmware - Yes
Hardware nxp vybrid_mvf61nn151cmk50 - No
Operating System nxp vybrid_mvf61ns151cmk50_firmware - Yes
Hardware nxp vybrid_mvf61ns151cmk50 - No
Operating System nxp vybrid_mvf62nn151cmk40_firmware - Yes
Hardware nxp vybrid_mvf62nn151cmk40 - No
Operating System nxp i.mx_50_firmware - Yes
Hardware nxp i.mx_50 - No
Operating System nxp i.mx_53_firmware - Yes
Hardware nxp i.mx_53 - No
Operating System nxp i.mx_6ull_firmware - Yes
Hardware nxp i.mx_6ull - No
Operating System nxp i.mx_6ultralite_firmware - Yes
Hardware nxp i.mx_6ultralite - No
Operating System nxp i.mx_6sololite_firmware - Yes
Hardware nxp i.mx_6sololite - No
Operating System nxp i.mx_6solo_firmware - Yes
Hardware nxp i.mx_6solo - No
Operating System nxp i.mx_6duallite_firmware - Yes
Hardware nxp i.mx_6duallite - No
Operating System nxp i.mx_6solox_firmware - Yes
Hardware nxp i.mx_6solox - No
Operating System nxp i.mx_6dual_firmware - Yes
Hardware nxp i.mx_6dual - No
Operating System nxp i.mx_6quad_firmware - Yes
Hardware nxp i.mx_6quad - No
Operating System nxp i.mx_6quadplus_firmware - Yes
Hardware nxp i.mx_6quadplus - No
Operating System nxp i.mx_6dualplus_firmware - Yes
Hardware nxp i.mx_6dualplus - No
Operating System nxp i.mx_28_firmware - Yes
Hardware nxp i.mx_28 - No
Operating System nxp i.mx_7dual_firmware - Yes
Hardware nxp i.mx_7dual - No
Operating System nxp i.mx_7solo_firmware - Yes
Hardware nxp i.mx_7solo - No
References

How SecUtils Interprets This CVE

SecUtils normalizes and enriches National Vulnerability Database (NVD) records by standardizing vendor and product identifiers, aggregating vulnerability metadata from both NVD and MITRE sources, and providing structured context for security teams. For nxp's affected products, we extract Common Platform Enumeration (CPE) data, Common Weakness Enumeration (CWE) classifications, CVSS severity metrics, and reference data to enable rapid vulnerability prioritization and asset correlation. This record contains no exploit code, proof-of-concept instructions, or attack methodologies—only defensive intelligence necessary for patch management, risk assessment, and security operations.