9.1
CVE-2025-59703
- EPSS 0.04%
- Veröffentlicht 02.12.2025 00:00:00
- Zuletzt bearbeitet 08.12.2025 19:39:02
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginEntrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to access the internal components of the appliance, without leaving tamper evidence. To exploit this, the attacker needs to remove the tamper label and all fixing screws from the device without damaging it. This is called an F14 attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Entrust ≫ Nshield 5c Firmware Version < 13.6.12
Entrust ≫ Nshield 5c Firmware Version >= 13.7 < 13.9.0
Entrust ≫ Nshield Hsmi Firmware Version < 13.6.12
Entrust ≫ Nshield Hsmi Firmware Version >= 13.7 < 13.9.0
Entrust ≫ Nshield Connect Xc Base Firmware Version < 13.6.12
Entrust ≫ Nshield Connect Xc Base Firmware Version >= 13.7 < 13.9.0
Entrust ≫ Nshield Connect Xc Mid Firmware Version < 13.6.12
Entrust ≫ Nshield Connect Xc Mid Firmware Version >= 13.7 < 13.9.0
Entrust ≫ Nshield Connect Xc High Firmware Version < 13.6.12
Entrust ≫ Nshield Connect Xc High Firmware Version >= 13.7 < 13.9.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.107 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.