Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a user with OS root access to alter firmware on the Chassis Management Board (without Authentication). This is called F04.
The vulnerability classified as CWE-306 (missing authentication for critical function) involves the Chassis Management Board firmware update mechanism not verifying the identity of the entity initiating the operation. A user with root privileges at the operating system level of the device can directly upload and install modified or malicious firmware on the CMB, bypassing any authorization controls. The manufacturer identifies this vulnerability internally as F04.
An attacker with root access to the device's operating system can permanently modify CMB firmware, which may lead to complete compromise of HSM module integrity, loss of confidentiality of stored cryptographic keys, and establishment of persistence of malicious code at the hardware level, which is difficult to detect and remove.
Apply patches available from the manufacturer according to the references. As a risk-limiting measure, strictly control and limit root access to the operating system of nShield devices, applying the principle of least privilege and monitoring any attempts to gain administrative access to these devices.
Entrust nShield Connect XC, nShield 5c and nShield HSMi in versions up to 13.6.11 inclusive and 13.7. Affects products: nShield Connect XC Mid, nShield Connect XC Base, nShield Connect XC Base Firmware, nShield HSMi Firmware, nShield HSMi.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HEntrust Nshield 5c
HWEntrustwszystkie wersjeEntrust Nshield 5c Firmware
OSEntrust< 13.6.1213.7.3 – 13.9.0 (bez)Entrust Nshield Connect Xc Base
HWEntrustwszystkie wersjeEntrust Nshield Connect Xc Base Firmware
OSEntrust13.7.3 – 13.9.0 (bez)< 13.6.12Entrust Nshield Connect Xc High
HWEntrustwszystkie wersjeEntrust Nshield Connect Xc High Firmware
OSEntrust< 13.6.1213.7.3 – 13.9.0 (bez)Entrust Nshield Connect Xc Mid
HWEntrustwszystkie wersjeEntrust Nshield Connect Xc Mid Firmware
OSEntrust13.7.3 – 13.9.0 (bez)< 13.6.12Entrust Nshield Hsmi
HWEntrustwszystkie wersjeEntrust Nshield Hsmi Firmware
OSEntrust< 13.6.1213.7.3 – 13.9.0 (bez)
Related vulnerabilities
Entrust nShield HSM — privilege escalation przez fizyczny dostęp JTAG
Entrust nShield HSM: fizyczny dostęp do wnętrza urządzenia bez śladów ingerencji
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximat...
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximat...
The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 1...