CVE-2006-1117

nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) netHSM, (4) payShield, (5) SecureDB, (6) DSE200 Document Sealing Engine, (7) Time Source Master Clock (TSMC), and possibly other products, contains certain options that were only intended for testing and not production, which might allow remote attackers to obtain information about encryption keys and crack those keys with less effort than brute force.

CVSS v2.0 2.6 LOW

2.6^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:N/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.ncipher.com/resources/97/sa14_presence_of_flaws_in_firmware_security	Patch Vendor Advisory
http://www.securityfocus.com/bid/17012	Patch
http://securitytracker.com/id?1015718	Patch Vendor Advisory
http://secunia.com/advisories/19137	Patch Vendor Advisory
http://www.vupen.com/english/advisories/2006/0862
https://exchange.xforce.ibmcloud.com/vulnerabilities/25063
http://www.securityfocus.com/archive/1/427151/100/0/threaded

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ncipher:securedb::::::::
	cpe:2.3:a:ncipher:time_source_master_clock::::::::
	cpe:2.3:a:ncipher:dse200_document_sealing_engine::::::::
	cpe:2.3:a:ncipher:ncore::::::::
	cpe:2.3:a:ncipher:nforce::::::::

Configuration 2 (hide)

OR	cpe:2.3:h:ncipher:nethsm:2.0:::::::*
	cpe:2.3:h:ncipher:nethsm:2.1:::::::*
	cpe:2.3:h:ncipher:nethsm:2.1.12_cam5:::::::*
	cpe:2.3:h:ncipher:nshield::::::::
	cpe:2.3:h:ncipher:payshield::::::::

Information

Published : 2006-03-09 05:06

Updated : 2018-10-18 09:30

NVD link : CVE-2006-1117

Mitre link : CVE-2006-1117

JSON object : View

CWE

NVD-CWE-Other

Products Affected

ncipher

dse200_document_sealing_engine
payshield
ncore
nforce
time_source_master_clock
nshield
securedb
nethsm

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.ncipher.com/resources/97/sa14_presence_of_flaws_in_firmware_security", "name": "http://www.ncipher.com/resources/97/sa14_presence_of_flaws_in_firmware_security", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/17012", "name": "17012", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://securitytracker.com/id?1015718", "name": "1015718", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/19137", "name": "19137", "tags": ["Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2006/0862", "name": "ADV-2006-0862", "tags": [], "refsource": "VUPEN"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25063", "name": "ncipher-firmware-weak-security(25063)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/archive/1/427151/100/0/threaded", "name": "20060309 nCipher Advisory #14: Presence of flaws in firmware security", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) netHSM, (4) payShield, (5) SecureDB, (6) DSE200 Document Sealing Engine, (7) Time Source Master Clock (TSMC), and possibly other products, contains certain options that were only intended for testing and not production, which might allow remote attackers to obtain information about encryption keys and crack those keys with less effort than brute force."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-1117", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-03-09T13:06Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:ncipher:securedb:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ncipher:time_source_master_clock:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ncipher:dse200_document_sealing_engine:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ncipher:ncore:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:ncipher:nforce:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:ncipher:nethsm:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:ncipher:nethsm:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:ncipher:nethsm:2.1.12_cam5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:ncipher:nshield:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:ncipher:payshield:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-18T16:30Z"}

2.6 /10