CVE-2006-1117 - OpenCVE

nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) netHSM, (4) payShield, (5) SecureDB, (6) DSE200 Document Sealing Engine, (7) Time Source Master Clock (TSMC), and possibly other products, contains certain options that were only intended for testing and not production, which might allow remote attackers to obtain information about encryption keys and crack those keys with less effort than brute force.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:H/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Ncipher	Dse200 Document Sealing Engine Securedb Nshield Payshield Nforce Ncore Nethsm Time Source Master Clock

Configuration 1 [-]

OR	cpe:2.3:a:ncipher:dse200_document_sealing_engine::::::::
	cpe:2.3:a:ncipher:ncore::::::::
	cpe:2.3:a:ncipher:nforce::::::::
	cpe:2.3:a:ncipher:securedb::::::::
	cpe:2.3:a:ncipher:time_source_master_clock::::::::

Configuration 2 [-]

OR	cpe:2.3:h:ncipher:nethsm:2.0:::::::*
	cpe:2.3:h:ncipher:nethsm:2.1:::::::*
	cpe:2.3:h:ncipher:nethsm:2.1.12_cam5:::::::*
	cpe:2.3:h:ncipher:nshield::::::::
	cpe:2.3:h:ncipher:payshield::::::::

References

Link	Resource
http://secunia.com/advisories/19137	Patch Vendor Advisory
http://securitytracker.com/id?1015718	Patch Vendor Advisory
http://www.ncipher.com/resources/97/sa14_presence_of_flaws_in_firmware_security	Patch Vendor Advisory
http://www.securityfocus.com/archive/1/427151/100/0/threaded
http://www.securityfocus.com/bid/17012	Patch
http://www.vupen.com/english/advisories/2006/0862
https://exchange.xforce.ibmcloud.com/vulnerabilities/25063

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-03-09T11:00:00

Updated: 2018-10-18T14:57:01

Reserved: 2006-03-09T00:00:00

Link: CVE-2006-1117

JSON object: View

NVD Information

Status : Modified

Published: 2006-03-09T13:06:00.000

Modified: 2018-10-18T16:30:51.120

Link: CVE-2006-1117

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-03-07T00:00:00", "descriptions": [{"lang": "en", "value": "nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) netHSM, (4) payShield, (5) SecureDB, (6) DSE200 Document Sealing Engine, (7) Time Source Master Clock (TSMC), and possibly other products, contains certain options that were only intended for testing and not production, which might allow remote attackers to obtain information about encryption keys and crack those keys with less effort than brute force."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2006-0862", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/0862"}, {"name": "20060309 nCipher Advisory #14: Presence of flaws in firmware security", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/427151/100/0/threaded"}, {"name": "ncipher-firmware-weak-security(25063)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25063"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.ncipher.com/resources/97/sa14_presence_of_flaws_in_firmware_security"}, {"name": "1015718", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015718"}, {"name": "17012", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17012"}, {"name": "19137", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19137"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-1117", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) netHSM, (4) payShield, (5) SecureDB, (6) DSE200 Document Sealing Engine, (7) Time Source Master Clock (TSMC), and possibly other products, contains certain options that were only intended for testing and not production, which might allow remote attackers to obtain information about encryption keys and crack those keys with less effort than brute force."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2006-0862", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0862"}, {"name": "20060309 nCipher Advisory #14: Presence of flaws in firmware security", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/427151/100/0/threaded"}, {"name": "ncipher-firmware-weak-security(25063)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25063"}, {"name": "http://www.ncipher.com/resources/97/sa14_presence_of_flaws_in_firmware_security", "refsource": "CONFIRM", "url": "http://www.ncipher.com/resources/97/sa14_presence_of_flaws_in_firmware_security"}, {"name": "1015718", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015718"}, {"name": "17012", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17012"}, {"name": "19137", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19137"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-1117", "datePublished": "2006-03-09T11:00:00", "dateReserved": "2006-03-09T00:00:00", "dateUpdated": "2018-10-18T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ncipher:dse200_document_sealing_engine:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD964801-9635-437D-9260-84F16619FC49", "vulnerable": true}, {"criteria": "cpe:2.3:a:ncipher:ncore:*:*:*:*:*:*:*:*", "matchCriteriaId": "6FA410AE-0FC0-46DC-B89A-651DEDA51622", "vulnerable": true}, {"criteria": "cpe:2.3:a:ncipher:nforce:*:*:*:*:*:*:*:*", "matchCriteriaId": "6252FF68-DB64-4BEC-86D9-A8517B0F9D64", "vulnerable": true}, {"criteria": "cpe:2.3:a:ncipher:securedb:*:*:*:*:*:*:*:*", "matchCriteriaId": "6456DCB1-209C-4F63-83D0-1E73CC85F788", "vulnerable": true}, {"criteria": "cpe:2.3:a:ncipher:time_source_master_clock:*:*:*:*:*:*:*:*", "matchCriteriaId": "F48A7766-4B50-4C25-8786-23DD88AFB7DB", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:ncipher:nethsm:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "83B802C8-58F9-4A03-BC1C-E2DA55CF1F8D", "vulnerable": true}, {"criteria": "cpe:2.3:h:ncipher:nethsm:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "C450BD00-9BCC-4E0F-83F9-BA5F0E293367", "vulnerable": true}, {"criteria": "cpe:2.3:h:ncipher:nethsm:2.1.12_cam5:*:*:*:*:*:*:*", "matchCriteriaId": "17A5415F-6D6E-4B08-8073-7462E82520C9", "vulnerable": true}, {"criteria": "cpe:2.3:h:ncipher:nshield:*:*:*:*:*:*:*:*", "matchCriteriaId": "C008CC6B-6F9A-4541-97C5-7ED7C20349C4", "vulnerable": true}, {"criteria": "cpe:2.3:h:ncipher:payshield:*:*:*:*:*:*:*:*", "matchCriteriaId": "C4D0EB90-3ADD-4038-91AB-AB76C5910951", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) netHSM, (4) payShield, (5) SecureDB, (6) DSE200 Document Sealing Engine, (7) Time Source Master Clock (TSMC), and possibly other products, contains certain options that were only intended for testing and not production, which might allow remote attackers to obtain information about encryption keys and crack those keys with less effort than brute force."}], "id": "CVE-2006-1117", "lastModified": "2018-10-18T16:30:51.120", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-03-09T13:06:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/19137"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://securitytracker.com/id?1015718"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.ncipher.com/resources/97/sa14_presence_of_flaws_in_firmware_security"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/427151/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/17012"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/0862"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25063"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}