CVE-2024-29941

2024-05-0623:15:06

56c94bcb-ac34-4d7f-b660-d297a6b7ff82

web.nvd.nist.gov

insecure storage

ict mifare

desfire encryption

default encryption

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

8.8%

JSON

Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmware
binary allows malicious actors to create credentials for any site code and card number that is using the default
ICT encryption.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "TSEC",
    "vendor": "Integrated Control Technology",
    "versions": [
      {
        "status": "affected",
        "version": "0"
      }
    ]
  }
]

References

ict.co/media/1xdhaugi/credential-cloning.pdf