Lucene search

IcscertCVELIST:CVE-2024-23806

HistoryFeb 07, 2024 - 4:23 p.m.

CVE-2024-23806 HID Global Reader Configuration Cards Improper Authorization

2024-02-0716:23:16

CWE-287

icscert

www.cve.org

hid global

configuration cards

authorization

sensitive data

CVSS3

5.3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

20.7%

JSON

Sensitive data can be extracted from HID iCLASS SE reader configuration cards. This could include credential and device administrator keys.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "HID iCLASS SE reader configuration cards",
    "vendor": "HID Global",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "OMNIKEY Secure Elements reader configuration cards",
    "vendor": "HID Global",
    "versions": [
      {
        "status": "affected",
        "version": "All"
      }
    ]
  }
]

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-02

www.hidglobal.com/support

CVSS3

5.3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

20.7%

JSON

Related for CVELIST:CVE-2024-23806