Entrust nShield Products Physical Access Vulnerability Allowing Undetected Internal Modification

A vulnerability exists in Entrust nShield Connect XC, nShield 5c, and nShield HSMi appliances, all versions through 13.6.11 or 13.7. This vulnerability allows a physically proximate attacker to access the internal components of the appliance without leaving tamper evidence. The exploitation involves removing the tamper label and all fixing screws from the device, a process that can be done without damaging the appliance.

Impact

Exploitation of this vulnerability could lead to unauthorized physical access, allowing for internal modifications of the appliance without detection. Such actions could result in a persistent and undetectable compromise of the device.

Reproduction

The vulnerability can be reproduced by physically accessing the nShield HSM, removing the tamper label with isopropanol and a sharp knife, and unscrewing the fixing screws. Once the tamper label is removed, the HSM can be opened, and internal components can be accessed without leaving any traces.

Remediation

Entrust has released patches for this vulnerability in versions 13.6.12 and 13.9.0.