IM
IronMonkey Threat Research

CVE-2024-23806 MEDIUM

Published: 2024-02-07 | Last Modified: 2024-11-21 | Status: Modified

Description

Sensitive data can be extracted from HID iCLASS SE reader configuration cards. This could include credential and device administrator keys.

Additional Descriptions (1)

Se pueden extraer datos confidenciales de las tarjetas de configuración del lector HID iCLASS SE. Esto podría incluir claves de administrador de dispositivos y credenciales.

CVSS Metrics

Base Score: 5.3 (MEDIUM)

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Attack VectorPHYSICAL
Attack ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
ScopeCHANGED
Confidentiality ImpactHIGH
Integrity ImpactNONE
Availability ImpactNONE

Source: [email protected]

Type: Primary

Exploitability Score: 0.9

Impact Score: 4.0

Weaknesses

Source Type Description
[email protected] Secondary
en CWE-285
[email protected] Secondary
en CWE-287

Affected Products

Vendor Product Version Update Type
hidglobal omnikey_secure_elements_reader_configuration_cards_firmware - <built-in method update of dict object at 0x7c3c32d53ac0> Operating System
hidglobal iclass_se_reader_configuration_cards_firmware - <built-in method update of dict object at 0x7c3c32d52e40> Operating System

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:hidglobal:omnikey_secure_elements_reader_configuration_cards_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:hidglobal:omnikey_secure_elements_reader_configuration_cards:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:hidglobal:iclass_se_reader_configuration_cards_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:h:hidglobal:iclass_se_reader_configuration_cards:-:*:*:*:*:*:*:*

References

Notification
Message here