7 matches found
CVE-2018-12336
CVE-2018-12336 affects ECOS Secure Boot Stick (SBS) 5.6.5. The vulnerability stems from an undocumented vendor backdoor in the SBS software, enabling extraction of confidential information via remote root SSH access. Documented impact is high confidentiality and potential full device compromise; ...
CVE-2018-12330
CVE-2018-12330 concerns ECOS Secure Boot Stick (SBS) version 5.6.5, where a Protection Mechanism Failure reportedly allows an attacker to compromise authentication and encryption keys through compromised firmware. The connected records (CNVD-2019-09047, NVD entry) corroborate a vulnerability affe...
CVE-2018-12332
ECOS Secure Boot Stick (SBS) 5.6.5 is affected by an “Incomplete Cleanup” vulnerability. The issue, described across CVE-2018-12332 records, allows an attacker with access to a compromised host PC to compromise authentication and encryption keys after a reset. Multiple connected sources corrobora...
CVE-2018-12333
CVE-2018-12333 affects ECOS Secure Boot Stick (SBS) version 5.6.5 and is caused by insufficient verification of data authenticity. The vulnerability could allow an attacker to manipulate security-related configurations and execute malicious code on the device. Publicly documented details identify...
CVE-2018-12334
The CVE-2018-12334 entry concerns ECOS Secure Boot Stick (SBS) 5.6.5. The vulnerability is a Protection Mechanism Failure that enables a virtualization attack to compromise authentication and encryption keys. This exposure affects the SBS device’s cryptographic protections, with the primary impac...
CVE-2018-12329
ECOS Secure Boot Stick (SBS) 5.6.5 is affected by a Protection Mechanism Failure that allows a local attacker to duplicate an authentication factor via cloning. The CVE entry (CVE-2018-12329) notes a vulnerability in SBS 5.6.5; connected sources corroborate an authentication bypass/security restr...
CVE-2018-12337
ECOS Secure Boot Stick (SBS) v5.6.5 is affected by a Security Through Obscurity flaw that lets an attacker partially extract confidential configurations via user-space emulation. The CVE entry CVE-2018-12337 and CNVD-2019-09042 describe the vulnerability as relying on obscurity, enabling exposure...