Lucene search

[email protected]CVE-2006-1538

HistoryMar 30, 2006 - 11:02 a.m.

CVE-2006-1538

2006-03-3011:02:00

[email protected]

web.nvd.nist.gov

enova x-wall

asic

encryption

key storage

local access

hardware token

eeprom

security vulnerability

nvd

cve-2006-1538

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

40.9%

JSON

The Enova X-Wall ASIC encrypts with a key obtained via Microwire from a serial EEPROM that stores the key in cleartext, which allows local users with physical access to obtain the key by reading and duplicating an EEPROM that is located on a hardware token, or by sniffing the Microwire bus.

Affected configurations

NVD

Node

enovax-wall_asic

CPENameOperatorVersion
enova:x-wall_asicenova x-wall asiceq*

CPE	Name	Operator	Version
enova:x-wall_asic	enova x-wall asic	eq	*

References

securityreason.com/securityalert/648

www.hexview.com/docs/20060328-1.txt

www.securityfocus.com/archive/1/429253/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/25527

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:C/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

40.9%

JSON

Related for CVE-2006-1538

nvd1 prion1 cvelist1