Entrust nShield Products Privilege Escalation Vulnerability via Insecure USB Boot

Vulnerability

A vulnerability in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to escalate privileges by booting from a USB device containing a valid root filesystem. This issue arises from insecure default configurations in the Legacy GRUB Bootloader, which can be exploited to gain root access to the appliance without authentication.

Impact

Exploitation of this vulnerability leads to unauthorized privilege escalation, allowing an attacker to gain root access on the affected appliance.

Reproduction

The vulnerability can be reproduced by physically accessing the device, enabling USB boot during the startup process, and then inserting a USB drive with a valid root filesystem. Once the device boots from the USB, the attacker can access the GRUB bootloader without a password, modify kernel parameters, and gain root access on the appliance.

Remediation

Users can update to Entrust nShield versions 13.6.12 or 13.9.0 to address this vulnerability.
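For systems that still rely on Legacy GRUB, the missing bootloader password described above can be checked for directly. The following is an added example, not part of the original advisory or Entrust's tooling. Both configuration samples are constructed, and the function name is hypothetical.

```python
import re

# Constructed Legacy GRUB menu.lst samples; not taken from an nShield appliance.
UNPROTECTED = """\
default=0
timeout=5
title Appliance OS
    root (hd0,0)
    kernel /vmlinuz ro root=/dev/sda2 quiet
    initrd /initrd.img
"""

# Same menu with a global hashed password (hash value is a placeholder).
PROTECTED = UNPROTECTED.replace(
    "title", "password --md5 $1$CONSTRUCTED$placeholderNotARealHash\ntitle", 1)

NO_PASSWORD = "no global password: entries and kernel parameters are editable at boot"
PLAINTEXT = "password stored in plaintext"

def audit_legacy_grub(config_text):
    """Return a list of findings for a Legacy GRUB configuration (hypothetical helper)."""
    findings = []
    in_entry = False          # becomes True after the first 'title' line
    global_password = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Legacy GRUB accepts 'key value' and 'key=value' forms.
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        directive = parts[0].lower()
        arg = parts[1] if len(parts) > 1 else ""
        if directive == "title":
            in_entry = True
        elif directive == "password":
            # Only a password before the first 'title' locks the menu editor
            # and the GRUB command line.
            if not in_entry:
                global_password = True
            # --md5 is the upstream hashed form; --encrypted appears in some
            # distribution builds.
            if not arg.startswith(("--md5", "--encrypted")):
                findings.append(PLAINTEXT)
    if not global_password:
        findings.append(NO_PASSWORD)
    return findings

if __name__ == "__main__":
    print(audit_legacy_grub(UNPROTECTED))
    print(audit_legacy_grub(PROTECTED))
```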

Added: Dec 2, 2025, 3:22 PM
Updated: Dec 2, 2025, 5:34 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 4.6
remediation: 7.7
relevance: 1.3
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.