Lucene search

[email protected]CVE-2024-22388

HistoryFeb 06, 2024 - 11:15 p.m.

CVE-2024-22388

2024-02-0623:15:08

CWE-285

[email protected]

web.nvd.nist.gov

cve-2024-22388

communication channel

encoders

sensitive data

credential security

device administration keys

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON

Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys.

Affected configurations

NVD

Node

hidglobaliclass_se_cp1000_encoderMatch-

AND

hidglobaliclass_se_cp1000_encoder_firmware

Node

hidglobaliclass_se_readersMatch-

AND

hidglobaliclass_se_readers_firmware

Node

hidglobaliclass_se_reader_modulesMatch-

AND

hidglobaliclass_se_reader_modules_firmware

Node

hidglobaliclass_se_processorsMatch-

AND

hidglobaliclass_se_processors_firmware

Node

hidglobalomnikey_5427ckMatch-

AND

hidglobalomnikey_5427ck_firmware

Node

hidglobalomnikey_5127ckMatch-

AND

hidglobalomnikey_5127ck_firmware

Node

hidglobalomnikey_5023Match-

AND

hidglobalomnikey_5023_firmware

Node

hidglobalomnikey_5027Match-

AND

hidglobalomnikey_5027_firmware

CPENameOperatorVersion
hidglobal:iclass_se_cp1000_encoder_firmwarehidglobal iclass se cp1000 encoder firmwareeq*

CPE	Name	Operator	Version
hidglobal:iclass_se_cp1000_encoder_firmware	hidglobal iclass se cp1000 encoder firmware	eq	*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "iCLASS SE CP1000 Encoder",
    "vendor": "HID Global",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "iCLASS SE Readers",
    "vendor": "HID Global",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "iCLASS SE Reader Modules",
    "vendor": "HID Global",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "iCLASS SE Processors",
    "vendor": "HID Global",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "OMNIKEY 5427CK Readers",
    "vendor": "HID Global",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "OMNIKEY 5127CK Readers",
    "vendor": "HID Global",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "OMNIKEY 5023 Readers",
    "vendor": "HID Global",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "OMNIKEY 5027 Readers",
    "vendor": "HID Global",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  }
]

References

support.hidglobal.com/

www.cisa.gov/news-events/ics-advisories/icsa-24-037-01

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2024-22388

prion1 nvd1 cvelist1 ics1