6.8
CVE-2025-59694
- EPSS 0.03%
- Veröffentlicht 02.12.2025 00:00:00
- Zuletzt bearbeitet 15.12.2025 13:39:22
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to persistently modify firmware and influence the (insecurely configured) appliance boot process. To exploit this, the attacker must modify the firmware via JTAG or perform an upgrade to the chassis management board firmware. This is called F03.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Entrust ≫ Nshield 5c Firmware Version < 13.6.12
Entrust ≫ Nshield 5c Firmware Version >= 13.7.3 < 13.9.0
Entrust ≫ Nshield Hsmi Firmware Version < 13.6.12
Entrust ≫ Nshield Hsmi Firmware Version >= 13.7.3 < 13.9.0
Entrust ≫ Nshield Connect Xc Base Firmware Version < 13.6.12
Entrust ≫ Nshield Connect Xc Base Firmware Version >= 13.7.3 < 13.9.0
Entrust ≫ Nshield Connect Xc Mid Firmware Version < 13.6.12
Entrust ≫ Nshield Connect Xc Mid Firmware Version >= 13.7.3 < 13.9.0
Entrust ≫ Nshield Connect Xc High Firmware Version < 13.6.12
Entrust ≫ Nshield Connect Xc High Firmware Version >= 13.7.3 < 13.9.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.092 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.8 | 0.9 | 5.9 |
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-1274 Improper Access Control for Volatile Memory Containing Boot Code
The product conducts a secure-boot process that transfers bootloader code from Non-Volatile Memory (NVM) into Volatile Memory (VM), but it does not have sufficient access control or other protections for the Volatile Memory.