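This page aggregates CVE and security vulnerability intelligence for all Entrust-related products, including CVSS, EPSS, publication dates and vulnerability intelligence data.
Historical vulnerabilities mainly involve path-handling flaws and buffer overflows; some may lead to file overwrite and affect software deployment and production workload scenarios.
The vulnerability data comes mainly from public vulnerability disclosures and security advisories, and can be used to assess historical vulnerability exposure and remediation priority.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |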
|---|---|---|---|---|---|---|
| CVE-2025-59704 | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow an attacker to gain access to the BIOS menu because it has no password. | [email protected] | 4.6 | 0.02% | 2025-12-02 | 2026-01-06 |
| CVE-2025-59703 | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to access the internal components of the appliance, without leaving tamper evidence. To exploit this, the attacker needs to remove the tamper label and all fixing screws from the device without damaging it. This is called an F14 attack. | [email protected] | 9.1 | 0.06% | 2025-12-02 | 2025-12-08 |
| CVE-2025-59705 | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a Physically Proximate Attacker to Escalate Privileges by enabling the USB interface through chassis probe insertion during system boot, aka "Unauthorized Reactivation of the USB interface" or F01. | [email protected] | 6.8 | 0.02% | 2025-12-02 | 2025-12-08 |
| CVE-2025-59702 | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with elevated privileges to falsify tamper events by accessing internal components. | [email protected] | 7.2 | 0.02% | 2025-12-02 | 2025-12-08 |
| CVE-2025-59701 | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker (with elevated privileges) to read and modify the Appliance SSD contents (because they are unencrypted). | [email protected] | 4.1 | 0.01% | 2025-12-02 | 2025-12-08 |
| CVE-2025-59700 | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with root access to modify the Recovery Partition (because of a lack of integrity protection). | [email protected] | 3.9 | 0.02% | 2025-12-02 | 2026-01-06 |
| CVE-2025-59699 | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by booting from a USB device with a valid root filesystem. This occurs because of insecure default settings in the Legacy GRUB Bootloader. | [email protected] | 6.8 | 0.02% | 2025-12-02 | 2025-12-08 |
| CVE-2025-59698 | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, might allow a physically proximate attacker to gain access to the EOL legacy bootloader. | [email protected] | 6.8 | 0.02% | 2025-12-02 | 2025-12-08 |
| CVE-2025-59697 | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to escalate privileges by editing the Legacy GRUB bootloader configuration to start a root shell upon boot of the host OS. This is called F06. | [email protected] | 7.2 | 0.02% | 2025-12-02 | 2025-12-08 |
| CVE-2025-59696 | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker to modify or erase tamper events via the Chassis management board. | [email protected] | 3.2 | 0.01% | 2025-12-02 | 2025-12-08 |
| CVE-2025-59695 | Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a user with OS root access to alter firmware on the Chassis Management Board (without Authentication). This is called F04. | [email protected] | 9.8 | 0.08% | 2025-12-02 | 2025-12-15 |
| CVE-2025-59694 | The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to persistently modify firmware and influence the (insecurely configured) appliance boot process. To exploit this, the attacker must modify the firmware via JTAG or perform an upgrade to the chassis management board firmware. This is called F03. | [email protected] | 6.8 | 0.02% | 2025-12-02 | 2025-12-15 |
| CVE-2025-59693 | The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to obtain debug access and escalate privileges by bypassing the tamper label and opening the chassis without leaving evidence, and accessing the JTAG connector. This is called F02. | [email protected] | 9.8 | 0.05% | 2025-12-02 | 2025-12-15 |
| CVE-2007-4594 | Entrust Entelligence Security Provider (ESP) 8 does not properly validate certificates in certain circumstances involving (1) a chain that omits the root Certification Authority (CA) certificate, or an application that specifies disregarding (2) unknown revocation statuses during path validation or (3) certain errors in the certification path, which might allow context-dependent attackers to spoof certificate authentication. NOTE: the provenance of this information is unknown; the details are o | [email protected] | 6.4 | 0.15% | 2007-08-29 | 2026-04-23 |
| CVE-2004-0369 | Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec Enterprise Firewall 7.0 through 8.0, Gateway Security 5300 1.0, Gateway Security 5400 2.0, and VelociRaptor 1.5, allows remote attackers to execute arbitrary code via a crafted ISAKMP payload. | [email protected] | 7.5 | 8.50% | 2004-12-31 | 2026-04-16 |
| CVE-2002-0712 | Entrust Authority Security Manager (EASM) 6.0 does not properly require multiple master users to change the password of a master user, which could allow a master user to perform operations that require multiple authorizations. | [email protected] | 2.1 | 0.20% | 2004-02-03 | 2026-04-16 |
| CVE-2001-0853 | Directory traversal vulnerability in Entrust GetAccess allows remote attackers to read arbitrary files via a .. (dot dot) in the locale parameter to (1) helpwin.gas.bat or (2) AboutBox.gas.bat. | [email protected] | 5.0 | 3.87% | 2001-12-06 | 2026-04-16 |
| CVE-2001-1024 | login.gas.bat and other CGI scripts in Entrust getAccess allow remote attackers to execute Java programs, and possibly arbitrary commands, by specifying an alternate -classpath argument. | [email protected] | 7.5 | 0.76% | 2001-07-27 | 2026-04-16 |