ID

VAR-201708-0280


CVE

CVE-2015-1878


TITLE

Thales nShield Connect Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2015-007825

DESCRIPTION

Thales nShield Connect hardware models 500, 1500, 6000, 500+, 1500+, and 6000+ before 11.72 allow physically proximate attackers to sign arbitrary data with previously loaded signing keys, extract the device identification key [KNETI] and impersonate the nShield Connect device on a network, affect the integrity and confidentiality of newly created keys, and potentially cause other unspecified impacts using previously loaded keys by connecting to the USB port on the front panel. Thales nShield Connect contains vulnerabilities related to authorization, permissions, and access control. Information may be obtained or altered, and service operation may be disrupted (DoS). Thales nShield Connect hardware models 500, etc. are all network-type HSM (hardware security module) devices of Thales e-Security Company in the United States. Several types of Thales nShield Connect hardware have security vulnerabilities. The following products and versions are affected: Thales nShield Connect 500 prior to 11.72; 1500 prior to 11.72; 6000 prior to 11.72; 500+ prior to 11.72; 1500+ prior to 11.72; 6000+ prior to 11.72.

Trust: 1.71

sources: NVD: CVE-2015-1878 // JVNDB: JVNDB-2015-007825 // VULHUB: VHN-79839

AFFECTED PRODUCTS

vendor: thalesesecurity, model: nshield connect, scope: lte, version: 11.30

Trust: 1.0

vendor: thales e security, model: nshield connect, scope: lt, version: 11.72

Trust: 0.8

vendor: thalesesecurity, model: nshield connect, scope: eq, version: 11.30

Trust: 0.6

sources: JVNDB: JVNDB-2015-007825 // CNNVD: CNNVD-201708-965 // NVD: CVE-2015-1878

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-1878
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-1878
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201708-965
value: MEDIUM

Trust: 0.6

VULHUB: VHN-79839
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-1878
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-79839
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-1878
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-79839 // JVNDB: JVNDB-2015-007825 // CNNVD: CNNVD-201708-965 // NVD: CVE-2015-1878

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-79839 // JVNDB: JVNDB-2015-007825 // NVD: CVE-2015-1878

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201708-965

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201708-965

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-007825

PATCH

title: nShield Connect, url: https://www.thalesesecurity.co.jp/products/general-purpose-hsms/nshield-connect

Trust: 0.8

title: Multiple Thales nShield Connect Fixes for hardware permissions licensing and access control vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=74830

Trust: 0.6

sources: JVNDB: JVNDB-2015-007825 // CNNVD: CNNVD-201708-965

EXTERNAL IDS

db: NVD, id: CVE-2015-1878

Trust: 2.5

db: SECTRACK, id: 1032152

Trust: 2.5

db: JVNDB, id: JVNDB-2015-007825

Trust: 0.8

db: CNNVD, id: CNNVD-201708-965

Trust: 0.7

db: VULHUB, id: VHN-79839

Trust: 0.1

sources: VULHUB: VHN-79839 // JVNDB: JVNDB-2015-007825 // CNNVD: CNNVD-201708-965 // NVD: CVE-2015-1878

REFERENCES

url:http://www.securitytracker.com/id/1032152

Trust: 2.5

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1878

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-1878

Trust: 0.8

sources: VULHUB: VHN-79839 // JVNDB: JVNDB-2015-007825 // CNNVD: CNNVD-201708-965 // NVD: CVE-2015-1878

SOURCES

db: VULHUB, id: VHN-79839
db: JVNDB, id: JVNDB-2015-007825
db: CNNVD, id: CNNVD-201708-965
db: NVD, id: CVE-2015-1878

LAST UPDATE DATE

2025-04-20T23:37:49.946000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-79839, date: 2017-09-07T00:00:00
db: JVNDB, id: JVNDB-2015-007825, date: 2017-09-27T00:00:00
db: CNNVD, id: CNNVD-201708-965, date: 2017-09-21T00:00:00
db: NVD, id: CVE-2015-1878, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-79839, date: 2017-08-18T00:00:00
db: JVNDB, id: JVNDB-2015-007825, date: 2017-09-27T00:00:00
db: CNNVD, id: CNNVD-201708-965, date: 2017-08-18T00:00:00
db: NVD, id: CVE-2015-1878, date: 2017-08-18T16:29:00.263