The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to obtain debug access and escalate privileges by bypassing the tamper label and opening the chassis without leaving evidence, and accessing the JTAG connector. This is called F02.
An attacker with physical access to the device is able to bypass the tamper-evident label and open the device enclosure without leaving traces. After opening the chassis, access is gained to the JTAG connector, which allows obtaining debug access to the Chassis Management Board. Through this interface, privilege escalation in the system is possible. The vulnerability is cataloged by the manufacturer under designation F02.
An attacker can obtain full debug access and escalate privileges on the HSM device, which may consequently lead to disclosure, modification, or destruction of protected cryptographic keys and other sensitive data stored on the module.
Patches available from the manufacturer should be applied in accordance with the references. Additionally, it is recommended to implement strict physical access controls for HSM devices, monitor the integrity of tamper-evident seals and labels, and place devices in locked, monitored server cabinets accessible only to authorized personnel.
Entrust nShield Connect XC, nShield 5c, and nShield HSMi with firmware versions up to and including 13.6.11 or version 13.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HEntrust Nshield 5c
HWEntrustwszystkie wersjeEntrust Nshield 5c Firmware
OSEntrust< 13.6.1213.7.3 – 13.9.0 (bez)Entrust Nshield Connect Xc Base
HWEntrustwszystkie wersjeEntrust Nshield Connect Xc Base Firmware
OSEntrust13.7.3 – 13.9.0 (bez)< 13.6.12Entrust Nshield Connect Xc High
HWEntrustwszystkie wersjeEntrust Nshield Connect Xc High Firmware
OSEntrust< 13.6.1213.7.3 – 13.9.0 (bez)Entrust Nshield Connect Xc Mid
HWEntrustwszystkie wersjeEntrust Nshield Connect Xc Mid Firmware
OSEntrust13.7.3 – 13.9.0 (bez)< 13.6.12Entrust Nshield Hsmi
HWEntrustwszystkie wersjeEntrust Nshield Hsmi Firmware
OSEntrust< 13.6.1213.7.3 – 13.9.0 (bez)
Related vulnerabilities
Entrust nShield: modyfikacja firmware CMB bez uwierzytelnienia
Entrust nShield HSM: fizyczny dostęp do wnętrza urządzenia bez śladów ingerencji
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximat...
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximat...
The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 1...