CVE-2006-1117

nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) netHSM, (4) payShield, (5) SecureDB, (6) DSE200 Document Sealing Engine, (7) Time Source Master Clock (TSMC), and possibly other products, contains certain options that were only intended for testing and not production, which might allow remote attackers to obtain information about encryption keys and crack those keys with less effort than brute force.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/19137	Patch Vendor Advisory
http://securitytracker.com/id?1015718	Patch Vendor Advisory
http://www.ncipher.com/resources/97/sa14_presence_of_flaws_in_firmware_security	Patch Vendor Advisory
http://www.securityfocus.com/archive/1/427151/100/0/threaded
http://www.securityfocus.com/bid/17012	Patch
http://www.vupen.com/english/advisories/2006/0862
https://exchange.xforce.ibmcloud.com/vulnerabilities/25063

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ncipher:dse200_document_sealing_engine::::::::
	cpe:2.3:a:ncipher:ncore::::::::
	cpe:2.3:a:ncipher:nforce::::::::
	cpe:2.3:a:ncipher:securedb::::::::
	cpe:2.3:a:ncipher:time_source_master_clock::::::::

Configuration 2 (hide)

OR	cpe:2.3:h:ncipher:nethsm:2.0:::::::*
	cpe:2.3:h:ncipher:nethsm:2.1:::::::*
	cpe:2.3:h:ncipher:nethsm:2.1.12_cam5:::::::*
	cpe:2.3:h:ncipher:nshield::::::::
	cpe:2.3:h:ncipher:payshield::::::::

History

No history.

Information

Published : 2006-03-09 13:06

Updated : 2024-02-04 16:52

NVD link : CVE-2006-1117

Mitre link : CVE-2006-1117

CVE.ORG link : CVE-2006-1117

JSON object : View

Products Affected

ncipher

nshield
time_source_master_clock
ncore
nethsm
dse200_document_sealing_engine
nforce
payshield
securedb

CWE

NVD-CWE-Other

{"id": "CVE-2006-1117", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-03-09T13:06:00.000", "references": [{"url": "http://secunia.com/advisories/19137", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1015718", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.ncipher.com/resources/97/sa14_presence_of_flaws_in_firmware_security", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/427151/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/17012", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2006/0862", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25063", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) netHSM, (4) payShield, (5) SecureDB, (6) DSE200 Document Sealing Engine, (7) Time Source Master Clock (TSMC), and possibly other products, contains certain options that were only intended for testing and not production, which might allow remote attackers to obtain information about encryption keys and crack those keys with less effort than brute force."}], "lastModified": "2018-10-18T16:30:51.120", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ncipher:dse200_document_sealing_engine:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD964801-9635-437D-9260-84F16619FC49"}, {"criteria": "cpe:2.3:a:ncipher:ncore:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6FA410AE-0FC0-46DC-B89A-651DEDA51622"}, {"criteria": "cpe:2.3:a:ncipher:nforce:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6252FF68-DB64-4BEC-86D9-A8517B0F9D64"}, {"criteria": "cpe:2.3:a:ncipher:securedb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6456DCB1-209C-4F63-83D0-1E73CC85F788"}, {"criteria": "cpe:2.3:a:ncipher:time_source_master_clock:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F48A7766-4B50-4C25-8786-23DD88AFB7DB"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ncipher:nethsm:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83B802C8-58F9-4A03-BC1C-E2DA55CF1F8D"}, {"criteria": "cpe:2.3:h:ncipher:nethsm:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C450BD00-9BCC-4E0F-83F9-BA5F0E293367"}, {"criteria": "cpe:2.3:h:ncipher:nethsm:2.1.12_cam5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17A5415F-6D6E-4B08-8073-7462E82520C9"}, {"criteria": "cpe:2.3:h:ncipher:nshield:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C008CC6B-6F9A-4541-97C5-7ED7C20349C4"}, {"criteria": "cpe:2.3:h:ncipher:payshield:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C4D0EB90-3ADD-4038-91AB-AB76C5910951"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}