CVE-2006-1117 - Vulnerability Details - OpenCVE

nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) netHSM, (4) payShield, (5) SecureDB, (6) DSE200 Document Sealing Engine, (7) Time Source Master Clock (TSMC), and possibly other products, contains certain options that were only intended for testing and not production, which might allow remote attackers to obtain information about encryption keys and crack those keys with less effort than brute force.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ncipher	Dse200 Document Sealing Engine Ncore Nethsm Nforce Nshield Payshield Securedb Time Source Master Clock

Configuration 1 [-]

OR	cpe:2.3:a:ncipher:dse200_document_sealing_engine::::::::
	cpe:2.3:a:ncipher:ncore::::::::
	cpe:2.3:a:ncipher:nforce::::::::
	cpe:2.3:a:ncipher:securedb::::::::
	cpe:2.3:a:ncipher:time_source_master_clock::::::::

Configuration 2 [-]

OR	cpe:2.3:h:ncipher:nethsm:2.0:::::::*
	cpe:2.3:h:ncipher:nethsm:2.1:::::::*
	cpe:2.3:h:ncipher:nethsm:2.1.12_cam5:::::::*
	cpe:2.3:h:ncipher:nshield::::::::
	cpe:2.3:h:ncipher:payshield::::::::

No data.

References

Link	Providers
http://secunia.com/advisories/19137
http://securitytracker.com/id?1015718
http://www.ncipher.com/resources/97/sa14_presence_of_flaws_in_firmware_security
http://www.securityfocus.com/archive/1/427151/100/0/threaded
http://www.securityfocus.com/bid/17012
http://www.vupen.com/english/advisories/2006/0862
https://exchange.xforce.ibmcloud.com/vulnerabilities/25063

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-03-09T11:00:00

Updated: 2024-08-07T16:56:15.815Z

Reserved: 2006-03-09T00:00:00

Link: CVE-2006-1117

Vulnrichment

No data.

NVD

Status : Modified

Published: 2006-03-09T13:06:00.000

Modified: 2024-11-21T00:08:07.110

Link: CVE-2006-1117

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-03-07T00:00:00", "descriptions": [{"lang": "en", "value": "nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) netHSM, (4) payShield, (5) SecureDB, (6) DSE200 Document Sealing Engine, (7) Time Source Master Clock (TSMC), and possibly other products, contains certain options that were only intended for testing and not production, which might allow remote attackers to obtain information about encryption keys and crack those keys with less effort than brute force."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2006-0862", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/0862"}, {"name": "20060309 nCipher Advisory #14: Presence of flaws in firmware security", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/427151/100/0/threaded"}, {"name": "ncipher-firmware-weak-security(25063)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25063"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ncipher.com/resources/97/sa14_presence_of_flaws_in_firmware_security"}, {"name": "1015718", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015718"}, {"name": "17012", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17012"}, {"name": "19137", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19137"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1117", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) netHSM, (4) payShield, (5) SecureDB, (6) DSE200 Document Sealing Engine, (7) Time Source Master Clock (TSMC), and possibly other products, contains certain options that were only intended for testing and not production, which might allow remote attackers to obtain information about encryption keys and crack those keys with less effort than brute force."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2006-0862", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0862"}, {"name": "20060309 nCipher Advisory #14: Presence of flaws in firmware security", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/427151/100/0/threaded"}, {"name": "ncipher-firmware-weak-security(25063)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25063"}, {"name": "http://www.ncipher.com/resources/97/sa14_presence_of_flaws_in_firmware_security", "refsource": "CONFIRM", "url": "http://www.ncipher.com/resources/97/sa14_presence_of_flaws_in_firmware_security"}, {"name": "1015718", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015718"}, {"name": "17012", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17012"}, {"name": "19137", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19137"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T16:56:15.815Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2006-0862", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/0862"}, {"name": "20060309 nCipher Advisory #14: Presence of flaws in firmware security", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/427151/100/0/threaded"}, {"name": "ncipher-firmware-weak-security(25063)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25063"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.ncipher.com/resources/97/sa14_presence_of_flaws_in_firmware_security"}, {"name": "1015718", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1015718"}, {"name": "17012", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/17012"}, {"name": "19137", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19137"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1117", "datePublished": "2006-03-09T11:00:00", "dateReserved": "2006-03-09T00:00:00", "dateUpdated": "2024-08-07T16:56:15.815Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ncipher:dse200_document_sealing_engine:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD964801-9635-437D-9260-84F16619FC49", "vulnerable": true}, {"criteria": "cpe:2.3:a:ncipher:ncore:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FA410AE-0FC0-46DC-B89A-651DEDA51622", "vulnerable": true}, {"criteria": "cpe:2.3:a:ncipher:nforce:*:*:*:*:*:*:*:*", "matchCriteriaId": "6252FF68-DB64-4BEC-86D9-A8517B0F9D64", "vulnerable": true}, {"criteria": "cpe:2.3:a:ncipher:securedb:*:*:*:*:*:*:*:*", "matchCriteriaId": "6456DCB1-209C-4F63-83D0-1E73CC85F788", "vulnerable": true}, {"criteria": "cpe:2.3:a:ncipher:time_source_master_clock:*:*:*:*:*:*:*:*", "matchCriteriaId": "F48A7766-4B50-4C25-8786-23DD88AFB7DB", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ncipher:nethsm:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "83B802C8-58F9-4A03-BC1C-E2DA55CF1F8D", "vulnerable": true}, {"criteria": "cpe:2.3:h:ncipher:nethsm:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "C450BD00-9BCC-4E0F-83F9-BA5F0E293367", "vulnerable": true}, {"criteria": "cpe:2.3:h:ncipher:nethsm:2.1.12_cam5:*:*:*:*:*:*:*", "matchCriteriaId": "17A5415F-6D6E-4B08-8073-7462E82520C9", "vulnerable": true}, {"criteria": "cpe:2.3:h:ncipher:nshield:*:*:*:*:*:*:*:*", "matchCriteriaId": "C008CC6B-6F9A-4541-97C5-7ED7C20349C4", "vulnerable": true}, {"criteria": "cpe:2.3:h:ncipher:payshield:*:*:*:*:*:*:*:*", "matchCriteriaId": "C4D0EB90-3ADD-4038-91AB-AB76C5910951", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) netHSM, (4) payShield, (5) SecureDB, (6) DSE200 Document Sealing Engine, (7) Time Source Master Clock (TSMC), and possibly other products, contains certain options that were only intended for testing and not production, which might allow remote attackers to obtain information about encryption keys and crack those keys with less effort than brute force."}], "id": "CVE-2006-1117", "lastModified": "2024-11-21T00:08:07.110", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-03-09T13:06:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/19137"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://securitytracker.com/id?1015718"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ncipher.com/resources/97/sa14_presence_of_flaws_in_firmware_security"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/427151/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/17012"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0862"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25063"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/19137"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://securitytracker.com/id?1015718"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ncipher.com/resources/97/sa14_presence_of_flaws_in_firmware_security"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/427151/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/17012"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0862"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25063"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}