Robert Lasch

**Name of the Vulnerable Software and Affected Versions** ECOS Secure Boot Stick (aka SBS) version 5.6.5 **Description** A protection mechanism failure in the ECOS Secure Boot Stick allows a local attacker to duplicate an authentication factor via cloning. **Recommendations** For version 5.6.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ECOS Secure Boot Stick (aka SBS) version 5.6.5 **Description** The issue is related to a protection mechanism failure, allowing an attacker to compromise authentication and encryption keys by exploiting compromised firmware. **Recommendations** For ECOS Secure Boot Stick (aka SBS) version 5.6.5, update to a newer version that addresses the protection mechanism failure to prevent authentication and encryption key compromise.

**Name of the Vulnerable Software and Affected Versions** ECOS System Management Appliance (aka SMA) version 5.2.68 **Description** The issue allows a man-in-the-middle attacker to compromise authentication keys and configurations via IP spoofing during "Easy Enrollment." **Recommendations** For version 5.2.68, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ECOS Secure Boot Stick (aka SBS) version 5.6.5 **Description** The issue allows an attacker to compromise authentication and encryption keys via a compromised host PC after a reset. This is due to an Incomplete Cleanup vulnerability. **Recommendations** For ECOS Secure Boot Stick (aka SBS) version 5.6.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ECOS Secure Boot Stick (aka SBS) version 5.6.5 **Description** The issue allows an attacker to manipulate security relevant configurations and execute malicious code due to insufficient verification of data authenticity. **Recommendations** For ECOS Secure Boot Stick (aka SBS) version 5.6.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ECOS Secure Boot Stick (aka SBS) version 5.6.5 **Description** The issue is related to a protection mechanism failure, allowing an attacker to compromise authentication and encryption keys through a virtualization attack. **Recommendations** For ECOS Secure Boot Stick (aka SBS) version 5.6.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ECOS System Management Appliance (aka SMA) version 5.2.68 **Description** The issue concerns incorrect access control, allowing a user to compromise authentication keys and manipulate security configurations through unrestricted database access during Easy Enrollment. **Recommendations** For version 5.2.68, consider restricting database access during Easy Enrollment to prevent unauthorized manipulation of security configurations and authentication keys. As a temporary workaround, limit access to the database to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** ECOS Secure Boot Stick (aka SBS) version 5.6.5 **Description** The issue concerns an undocumented factory backdoor that allows the vendor to extract confidential information via remote root SSH access. **Recommendations** For ECOS Secure Boot Stick (aka SBS) version 5.6.5, consider disabling remote SSH access until a patch is available to prevent potential exploitation of the backdoor.

**Name of the Vulnerable Software and Affected Versions** ECOS Secure Boot Stick (aka SBS) version 5.6.5 **Description** The issue is related to a Reliance on Security Through Obscurity vulnerability, which allows an attacker to partially extract confidential configurations. This can be achieved through user-space emulation. **Recommendations** For ECOS Secure Boot Stick (aka SBS) version 5.6.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ECOS System Management Appliance (aka SMA) version 5.2.68 **Description** The issue concerns an undocumented factory backdoor that allows the vendor to extract confidential information and manipulate security-relevant configurations. This is achieved via remote root SSH access. **Recommendations** For version 5.2.68, consider restricting remote SSH access to minimize the risk of exploitation until a fix is available. As a temporary workaround, limit the use of root SSH access to only necessary instances.