CVE-2015-1878

Published Aug 18, 2017

Last updated 3 months ago

CVSS medium 6.8

Overview

Description: Thales nShield Connect hardware models 500, 1500, 6000, 500+, 1500+, and 6000+ before 11.72 allows physically proximate attackers to sign arbitrary data with previously loaded signing keys, extract the device identification key [KNETI] and impersonate the nShield Connect device on a network, affect the integrity and confidentiality of newly created keys, and potentially cause other unspecified impacts using previously loaded keys by connecting to the USB port on the front panel.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 6.8
Impact score: 5.9
Exploitability score: 0.9
Vector string: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.6
Impact score: 6.4
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:thalesesecurity:nshield_connect_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E89E8BD0-A35C-4EAE-8C19-87F9580DD3FE",
            "versionEndIncluding": "11.30"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:thalesesecurity:nshield_connect_1500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "4E00A4CC-188A-41AA-9A1C-5DF1031660B3"
          },
          {
            "criteria": "cpe:2.3:h:thalesesecurity:nshield_connect_1500\\+:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "952078A8-CAF8-40F5-9EFA-9988AF3F61EC"
          },
          {
            "criteria": "cpe:2.3:h:thalesesecurity:nshield_connect_500:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "DD310DDC-1629-4DE9-8744-1B7E6E510435"
          },
          {
            "criteria": "cpe:2.3:h:thalesesecurity:nshield_connect_500\\+:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "D5474A3E-4D01-4602-A68B-AD4B5110587A"
          },
          {
            "criteria": "cpe:2.3:h:thalesesecurity:nshield_connect_6000:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "023DBB90-B8D7-4F07-A902-CCEF26D50BC1"
          },
          {
            "criteria": "cpe:2.3:h:thalesesecurity:nshield_connect_6000\\+:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "076633B9-52DD-40A6-8A79-9380246A77C3"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References