ProtectServer 2 Vulnerability Notification

The Gemalto IDSS Security Response team recently identified a vulnerability in ProtectServer 2 firmware. We are committed to ensuring you are protected against known security issues, and consistently monitor for any security and vulnerability issues. 

DescriptionRecent reported vulnerabilities in ProtectServer HSM firmware could allow an attacker unauthorized access to the ProtectServer HSM via PKCS#11 API bypass (Severity Level – High). In addition, areas that could possibly result in a potential DoS attack via malformed requests have been identified (Severity Level – Medium).

Risk: Exploitation of these vulnerabilities could lead to a denial of service attack or potentially other attack vectors against the integrity of the firmware in the HSM.
Products AffectedProtectServer 2 devices running firmware 5.00.02 and above.
MitigationGemalto has released updated firmware to address these vulnerabilities. You should take priority action to update your firmware to version 5.03.01. Login to the Support Portal is required.