The Gemalto IDSS Security Response team recently identified a vulnerability in ProtectServer 2 firmware. We are committed to ensuring you are protected against known security issues, and we consistently monitor for security issues and vulnerabilities.
Description: Recently reported vulnerabilities in ProtectServer HSM firmware could allow an attacker unauthorized access to the ProtectServer HSM via a PKCS#11 API bypass (Severity Level – High). In addition, areas have been identified where malformed requests could potentially result in a DoS attack (Severity Level – Medium).
Risk: Exploitation of these vulnerabilities could lead to a denial-of-service attack or potentially to other attacks against the integrity of the firmware in the HSM.
Products Affected: ProtectServer 2 devices running firmware 5.00.02 and above.
Mitigation: Gemalto has released updated firmware to address these vulnerabilities. You should prioritize updating your firmware to version 5.03.01. Login to the Support Portal is required.