Lucene search

A87f365f-9d39-4848-9b3a-58c7cae69cabCVE-2023-33217

HistoryDec 15, 2023 - 11:15 a.m.

CVE-2023-33217

2023-12-1511:15:08

CWE-20

a87f365f-9d39-4848-9b3a-58c7cae69cab

web.nvd.nist.gov

cve-2023-33217

firmware upgrade

denial of service

nvd

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it’s possible to cause a permanent
denial of service for the terminal. the only way to recover the terminal is by sending back the terminal to the manufacturer

Affected configurations

NVD

Node

idemiasigma_liteMatch-

AND

idemiasigma_lite_firmwareRange<4.15.5

Node

idemiasigma_lite\+Match-

AND

idemiasigma_lite\+_firmwareRange<4.15.5

Node

idemiasigma_extremeMatch-

AND

idemiasigma_extreme_firmwareRange<4.15.5

Node

idemiasigma_wideMatch-

AND

idemiasigma_wide_firmwareRange<4.15.5

Node

idemiamorphowave_compactMatch-

AND

idemiamorphowave_compact_firmwareRange<2.12.2

Node

idemiamorphowave_xpMatch-

AND

idemiamorphowave_xp_firmwareRange<2.12.2

Node

idemiavisionpassMatch-

AND

idemiavisionpass_firmwareRange<2.12.2

Node

idemiamorphowave_spMatch-

AND

idemiamorphowave_sp_firmwareRange<1.2.7

CPENameOperatorVersion
idemia:sigma_lite_firmwareidemia sigma lite firmwarelt4.15.5

CPE	Name	Operator	Version
idemia:sigma_lite_firmware	idemia sigma lite firmware	lt	4.15.5

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SIGMA Lite & Lite +",
    "vendor": "IDEMIA",
    "versions": [
      {
        "lessThan": "4.15.5",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "SIGMA Wide",
    "vendor": "IDEMIA",
    "versions": [
      {
        "lessThan": "4.15.5",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "SIGMA Extreme",
    "vendor": "IDEMIA",
    "versions": [
      {
        "lessThan": "4.15.5",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MorphoWave Compact/XP",
    "vendor": "IDEMIA",
    "versions": [
      {
        "lessThan": "2.12.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "VisionPass",
    "vendor": "IDEMIA",
    "versions": [
      {
        "lessThan": "2.12.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "MorphoWave SP",
    "vendor": "IDEMIA",
    "versions": [
      {
        "lessThan": "1.2.7",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

References

www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.4 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for CVE-2023-33217