CRITICAL🇵🇱 Wersja polska

CVE-2025-59693

CVSS 9.8v3.1pub. 2025-12-02upd. 2025-12-15

The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to obtain debug access and escalate privileges by bypassing the tamper label and opening the chassis without leaving evidence, and accessing the JTAG connector. This is called F02.

🤖 AI Analysis
How it works

An attacker with physical access to the device is able to bypass the tamper-evident label and open the device enclosure without leaving traces. After opening the chassis, access is gained to the JTAG connector, which allows obtaining debug access to the Chassis Management Board. Through this interface, privilege escalation in the system is possible. The vulnerability is cataloged by the manufacturer under designation F02.

Impact

An attacker can obtain full debug access and escalate privileges on the HSM device, which may consequently lead to disclosure, modification, or destruction of protected cryptographic keys and other sensitive data stored on the module.

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with the references. Additionally, it is recommended to implement strict physical access controls for HSM devices, monitor the integrity of tamper-evident seals and labels, and place devices in locked, monitored server cabinets accessible only to authorized personnel.

Who is affected

Entrust nShield Connect XC, nShield 5c, and nShield HSMi with firmware versions up to and including 13.6.11 or version 13.7

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Entrust Nshield 5c

    HW
    Entrust
    wszystkie wersje
  • Entrust Nshield 5c Firmware

    OS
    Entrust
    < 13.6.1213.7.3 – 13.9.0 (bez)
  • Entrust Nshield Connect Xc Base

    HW
    Entrust
    wszystkie wersje
  • Entrust Nshield Connect Xc Base Firmware

    OS
    Entrust
    13.7.3 – 13.9.0 (bez)< 13.6.12
  • Entrust Nshield Connect Xc High

    HW
    Entrust
    wszystkie wersje
  • Entrust Nshield Connect Xc High Firmware

    OS
    Entrust
    < 13.6.1213.7.3 – 13.9.0 (bez)
  • Entrust Nshield Connect Xc Mid

    HW
    Entrust
    wszystkie wersje
  • Entrust Nshield Connect Xc Mid Firmware

    OS
    Entrust
    13.7.3 – 13.9.0 (bez)< 13.6.12
  • Entrust Nshield Hsmi

    HW
    Entrust
    wszystkie wersje
  • Entrust Nshield Hsmi Firmware

    OS
    Entrust
    < 13.6.1213.7.3 – 13.9.0 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2025-59695CRITICAL9.8PL ✓ten sam produkt

Entrust nShield: modyfikacja firmware CMB bez uwierzytelnienia

CVE-2025-59703CRITICAL9.1PL ✓ten sam produkt

Entrust nShield HSM: fizyczny dostęp do wnętrza urządzenia bez śladów ingerencji

CVE-2025-59702HIGH7.2ten sam produkt

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximat...

CVE-2025-59697HIGH7.2ten sam produkt

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximat...

CVE-2025-59694MEDIUM6.8ten sam produkt

The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 1...