Vulnerability Description
nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) netHSM, (4) payShield, (5) SecureDB, (6) DSE200 Document Sealing Engine, (7) Time Source Master Clock (TSMC), and possibly other products, contains certain options that were only intended for testing and not production, which might allow remote attackers to obtain information about encryption keys and crack those keys with less effort than brute force.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ncipher | Dse200 Document Sealing Engine | All versions |
| Ncipher | Ncore | All versions |
| Ncipher | Nforce | All versions |
| Ncipher | Securedb | All versions |
| Ncipher | Time Source Master Clock | All versions |
| Ncipher | Nethsm | 2.0 |
| Ncipher | Nshield | All versions |
| Ncipher | Payshield | All versions |
References
- http://secunia.com/advisories/19137PatchVendor Advisory
- http://securitytracker.com/id?1015718PatchVendor Advisory
- http://www.ncipher.com/resources/97/sa14_presence_of_flaws_in_firmware_securityPatchVendor Advisory
- http://www.securityfocus.com/archive/1/427151/100/0/threaded
- http://www.securityfocus.com/bid/17012Patch
- http://www.vupen.com/english/advisories/2006/0862
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25063
- http://secunia.com/advisories/19137PatchVendor Advisory
- http://securitytracker.com/id?1015718PatchVendor Advisory
- http://www.ncipher.com/resources/97/sa14_presence_of_flaws_in_firmware_securityPatchVendor Advisory
- http://www.securityfocus.com/archive/1/427151/100/0/threaded
- http://www.securityfocus.com/bid/17012Patch
- http://www.vupen.com/english/advisories/2006/0862
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25063
FAQ
What is CVE-2006-1117?
CVE-2006-1117 is a vulnerability with a CVSS score of 2.6 (LOW). nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) netHSM, (4) payShield, (5) SecureDB, (6) DSE200 Document Sealing Engine, (7) Time Source Master Clock (TSMC), and possibly other pr...
How severe is CVE-2006-1117?
CVE-2006-1117 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-1117?
Check the references section above for vendor advisories and patch information. Affected products include: Ncipher Dse200 Document Sealing Engine, Ncipher Ncore, Ncipher Nforce, Ncipher Securedb, Ncipher Time Source Master Clock.