Entrust nShield Products Unencrypted SSD Access Vulnerability Allowing Unauthorized Data Modification

A vulnerability exists in Entrust nShield Connect XC, nShield 5c, and nShield HSMi appliances, all versions through 13.6.11 or 13.7. This vulnerability allows a physically proximate attacker with elevated privileges to read and modify the contents of the appliance's solid-state drive (SSD), as the data is unencrypted. Exploitation of this vulnerability could lead to a stealthy compromise of the appliance and its recovery mechanisms.

Impact

Exploitation of this vulnerability allows for unauthorized reading and modification of data on the appliance's SSD, including the operating system and configuration settings. This could lead to a persistent and undetectable compromise of the appliance.

Reproduction

The vulnerability can be reproduced by physically accessing the affected nShield appliance. Once access is gained, the unencrypted SSD can be read and modified. This can be done through the JTAG connector on the Cosmo board, which is accessible after enabling the front USB port during boot. After gaining root access, the SSD contents can be altered without leaving any traces.

Remediation

Users can upgrade to Entrust nShield versions 13.6.12 or 13.9.0 to address this vulnerability.