Search

Find a vulnerability

Search criteria

    12 vulnerabilities found for morphowave_xp_firmware by idemia

    CVE-2023-33222 (GCVE-0-2023-33222)

    Vulnerability from nvd – Published: 2023-12-15 11:33 – Updated: 2024-08-02 15:39
    VLAI
    Title
    Stack buffer overflow when reading DESFire card
    Summary
    When handling contactless cards, usage of a specific function to get additional information from the card which doesn't check the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:35.827Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SIGMA Lite \u0026 Lite +",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "4.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SIGMA Wide",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "4.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SIGMA Extreme",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "4.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MorphoWave Compact/XP",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "2.12.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "VisionPass",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "2.12.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MorphoWave SP",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "1.2.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\n\n\n\n\n\n\n\nWhen handling contactless cards, usage of a specific function to get additional information from the card which doesn\u0027t \ncheck the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a \npotential Remote Code Execution on the targeted device\n\n\n\n\n\n\n\n"
                }
              ],
              "value": "\n\n\n\n\n\n\n\n\nWhen handling contactless cards, usage of a specific function to get additional information from the card which doesn\u0027t \ncheck the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a \npotential Remote Code Execution on the targeted device\n\n\n\n\n\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-15T11:33:17.760Z",
            "orgId": "a87f365f-9d39-4848-9b3a-58c7cae69cab",
            "shortName": "IDEMIA"
          },
          "references": [
            {
              "url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Stack buffer overflow when reading DESFire card",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a87f365f-9d39-4848-9b3a-58c7cae69cab",
        "assignerShortName": "IDEMIA",
        "cveId": "CVE-2023-33222",
        "datePublished": "2023-12-15T11:33:17.760Z",
        "dateReserved": "2023-05-18T14:32:49.223Z",
        "dateUpdated": "2024-08-02T15:39:35.827Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33221 (GCVE-0-2023-33221)

    Vulnerability from nvd – Published: 2023-12-15 11:32 – Updated: 2024-08-02 15:39
    VLAI
    Title
    Heap Buffer Overflow when reading DESFire card
    Summary
    When reading DesFire keys, the function that reads the card isn't properly checking the boundaries when copying internally the data received. This allows a heap based buffer overflow that could lead to a potential Remote Code Execution on the targeted device. This is especially problematic if you use Default DESFire key.
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:35.729Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SIGMA Lite \u0026 Lite +",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "4.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SIGMA Wide",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "4.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SIGMA Extreme",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "4.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MorphoWave Compact/XP",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "2.12.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "VisionPass",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "2.12.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MorphoWave SP",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "1.2.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\n\n\n\n\n\n\n\nWhen reading DesFire keys, the function that reads the card isn\u0027t properly checking the boundaries when copying \ninternally the data received. This allows a heap based buffer overflow that could lead to a potential Remote Code \nExecution on the targeted device. This is especially problematic if you use Default DESFire key.\n\n\n\n\n\n\n\n"
                }
              ],
              "value": "\n\n\n\n\n\n\n\n\nWhen reading DesFire keys, the function that reads the card isn\u0027t properly checking the boundaries when copying \ninternally the data received. This allows a heap based buffer overflow that could lead to a potential Remote Code \nExecution on the targeted device. This is especially problematic if you use Default DESFire key.\n\n\n\n\n\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-15T11:32:48.427Z",
            "orgId": "a87f365f-9d39-4848-9b3a-58c7cae69cab",
            "shortName": "IDEMIA"
          },
          "references": [
            {
              "url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": " Heap Buffer Overflow when reading DESFire card",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a87f365f-9d39-4848-9b3a-58c7cae69cab",
        "assignerShortName": "IDEMIA",
        "cveId": "CVE-2023-33221",
        "datePublished": "2023-12-15T11:32:48.427Z",
        "dateReserved": "2023-05-18T14:32:49.223Z",
        "dateUpdated": "2024-08-02T15:39:35.729Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33220 (GCVE-0-2023-33220)

    Vulnerability from nvd – Published: 2023-12-15 11:32 – Updated: 2024-08-02 15:39
    VLAI
    Title
    Stack Buffer Overflow when checking some attributes during retrofit
    Summary
    During the retrofit validation process, the firmware doesn't properly check the boundaries while copying some attributes to check. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:35.750Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SIGMA Lite \u0026 Lite +",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "4.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SIGMA Wide",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "4.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SIGMA Extreme",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "4.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MorphoWave Compact/XP",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "2.12.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "VisionPass",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "2.12.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MorphoWave SP",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "1.2.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\n\n\n\n\n\nDuring the retrofit validation process, the firmware doesn\u0027t properly check the boundaries while copying some attributes \nto check. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted \ndevice\n\n\n\n\n\n"
                }
              ],
              "value": "\n\n\n\n\n\n\nDuring the retrofit validation process, the firmware doesn\u0027t properly check the boundaries while copying some attributes \nto check. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted \ndevice\n\n\n\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "if you have kept the default Enforced Security mode or enabled the mTLS to identify the origin of the  command issued to the termina"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-15T11:32:14.742Z",
            "orgId": "a87f365f-9d39-4848-9b3a-58c7cae69cab",
            "shortName": "IDEMIA"
          },
          "references": [
            {
              "url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Stack Buffer Overflow when checking some attributes during retrofit",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a87f365f-9d39-4848-9b3a-58c7cae69cab",
        "assignerShortName": "IDEMIA",
        "cveId": "CVE-2023-33220",
        "datePublished": "2023-12-15T11:32:14.742Z",
        "dateReserved": "2023-05-18T14:32:49.222Z",
        "dateUpdated": "2024-08-02T15:39:35.750Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33219 (GCVE-0-2023-33219)

    Vulnerability from nvd – Published: 2023-12-15 11:31 – Updated: 2024-08-02 15:39
    VLAI
    Title
    Stack Buffer Overflow when checking retrofit package
    Summary
    The handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation operations. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:35.844Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SIGMA Lite \u0026 Lite +",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "4.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SIGMA Wide",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "4.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SIGMA Extreme",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "4.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MorphoWave Compact/XP",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "2.12.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "VisionPass",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "2.12.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MorphoWave SP",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "1.2.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\n\n\n\nThe handler of the retrofit validation command doesn\u0027t properly check the boundaries when performing certain validation \noperations. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the \ntargeted device\n\n\n\n"
                }
              ],
              "value": "\n\n\n\n\nThe handler of the retrofit validation command doesn\u0027t properly check the boundaries when performing certain validation \noperations. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the \ntargeted device\n\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "if you have kept the default Enforced Security mode or enabled the mTLS to identify the origin of the  command issued to the termina"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-15T11:31:45.798Z",
            "orgId": "a87f365f-9d39-4848-9b3a-58c7cae69cab",
            "shortName": "IDEMIA"
          },
          "references": [
            {
              "url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Stack Buffer Overflow when checking retrofit package",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a87f365f-9d39-4848-9b3a-58c7cae69cab",
        "assignerShortName": "IDEMIA",
        "cveId": "CVE-2023-33219",
        "datePublished": "2023-12-15T11:31:45.798Z",
        "dateReserved": "2023-05-18T14:32:49.222Z",
        "dateUpdated": "2024-08-02T15:39:35.844Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33218 (GCVE-0-2023-33218)

    Vulnerability from nvd – Published: 2023-12-15 11:31 – Updated: 2024-08-02 15:39
    VLAI
    Title
    Stack Buffer Overflow in a binary run at upgrade startup
    Summary
    The Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow. This could potentially lead to a Remote Code execution on the targeted device.
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:35.856Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SIGMA Lite \u0026 Lite +",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "4.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SIGMA Wide",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "4.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SIGMA Extreme",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "4.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MorphoWave Compact/XP",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "2.12.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "VisionPass",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "2.12.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MorphoWave SP",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "1.2.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\n\nThe Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow. \nThis could potentially lead to a Remote Code execution on the targeted device.\n\n"
                }
              ],
              "value": "\n\n\nThe Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow. \nThis could potentially lead to a Remote Code execution on the targeted device.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "if you have kept the default Enforced Security mode or enabled the mTLS to identify the origin of the  command issued to the termina"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-15T11:31:27.575Z",
            "orgId": "a87f365f-9d39-4848-9b3a-58c7cae69cab",
            "shortName": "IDEMIA"
          },
          "references": [
            {
              "url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Stack Buffer Overflow in a binary run at upgrade startup",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a87f365f-9d39-4848-9b3a-58c7cae69cab",
        "assignerShortName": "IDEMIA",
        "cveId": "CVE-2023-33218",
        "datePublished": "2023-12-15T11:31:27.575Z",
        "dateReserved": "2023-05-18T14:32:49.222Z",
        "dateUpdated": "2024-08-02T15:39:35.856Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33217 (GCVE-0-2023-33217)

    Vulnerability from nvd – Published: 2023-12-15 10:45 – Updated: 2024-08-02 15:39
    VLAI
    Title
    Missing integrity check on upgrade package
    Summary
    By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it's possible to cause a permanent denial of service for the terminal. the only way to recover the terminal is by sending back the terminal to the manufacturer
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:35.734Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SIGMA Lite \u0026 Lite +",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "4.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SIGMA Wide",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "4.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SIGMA Extreme",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "4.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MorphoWave Compact/XP",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "2.12.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "VisionPass",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "2.12.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MorphoWave SP",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "1.2.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nBy abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it\u0027s possible to cause a permanent \ndenial of service for the terminal. the only way to recover the terminal is by sending back the terminal to the manufacturer"
                }
              ],
              "value": "\nBy abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it\u0027s possible to cause a permanent \ndenial of service for the terminal. the only way to recover the terminal is by sending back the terminal to the manufacturer"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "if you have kept the default Enforced Security mode or enabled the mTLS to identify the origin of the  command issued to the termina"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-15T10:45:30.637Z",
            "orgId": "a87f365f-9d39-4848-9b3a-58c7cae69cab",
            "shortName": "IDEMIA"
          },
          "references": [
            {
              "url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing integrity check on upgrade package",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a87f365f-9d39-4848-9b3a-58c7cae69cab",
        "assignerShortName": "IDEMIA",
        "cveId": "CVE-2023-33217",
        "datePublished": "2023-12-15T10:45:30.637Z",
        "dateReserved": "2023-05-18T14:32:49.222Z",
        "dateUpdated": "2024-08-02T15:39:35.734Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33222 (GCVE-0-2023-33222)

    Vulnerability from cvelistv5 – Published: 2023-12-15 11:33 – Updated: 2024-08-02 15:39
    VLAI
    Title
    Stack buffer overflow when reading DESFire card
    Summary
    When handling contactless cards, usage of a specific function to get additional information from the card which doesn't check the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:35.827Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SIGMA Lite \u0026 Lite +",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "4.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SIGMA Wide",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "4.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SIGMA Extreme",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "4.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MorphoWave Compact/XP",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "2.12.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "VisionPass",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "2.12.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MorphoWave SP",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "1.2.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\n\n\n\n\n\n\n\nWhen handling contactless cards, usage of a specific function to get additional information from the card which doesn\u0027t \ncheck the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a \npotential Remote Code Execution on the targeted device\n\n\n\n\n\n\n\n"
                }
              ],
              "value": "\n\n\n\n\n\n\n\n\nWhen handling contactless cards, usage of a specific function to get additional information from the card which doesn\u0027t \ncheck the boundary on the data received while reading. This allows a stack-based buffer overflow that could lead to a \npotential Remote Code Execution on the targeted device\n\n\n\n\n\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-15T11:33:17.760Z",
            "orgId": "a87f365f-9d39-4848-9b3a-58c7cae69cab",
            "shortName": "IDEMIA"
          },
          "references": [
            {
              "url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Stack buffer overflow when reading DESFire card",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a87f365f-9d39-4848-9b3a-58c7cae69cab",
        "assignerShortName": "IDEMIA",
        "cveId": "CVE-2023-33222",
        "datePublished": "2023-12-15T11:33:17.760Z",
        "dateReserved": "2023-05-18T14:32:49.223Z",
        "dateUpdated": "2024-08-02T15:39:35.827Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33221 (GCVE-0-2023-33221)

    Vulnerability from cvelistv5 – Published: 2023-12-15 11:32 – Updated: 2024-08-02 15:39
    VLAI
    Title
    Heap Buffer Overflow when reading DESFire card
    Summary
    When reading DesFire keys, the function that reads the card isn't properly checking the boundaries when copying internally the data received. This allows a heap based buffer overflow that could lead to a potential Remote Code Execution on the targeted device. This is especially problematic if you use Default DESFire key.
    CWE
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:35.729Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SIGMA Lite \u0026 Lite +",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "4.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SIGMA Wide",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "4.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SIGMA Extreme",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "4.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MorphoWave Compact/XP",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "2.12.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "VisionPass",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "2.12.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MorphoWave SP",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "1.2.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\n\n\n\n\n\n\n\nWhen reading DesFire keys, the function that reads the card isn\u0027t properly checking the boundaries when copying \ninternally the data received. This allows a heap based buffer overflow that could lead to a potential Remote Code \nExecution on the targeted device. This is especially problematic if you use Default DESFire key.\n\n\n\n\n\n\n\n"
                }
              ],
              "value": "\n\n\n\n\n\n\n\n\nWhen reading DesFire keys, the function that reads the card isn\u0027t properly checking the boundaries when copying \ninternally the data received. This allows a heap based buffer overflow that could lead to a potential Remote Code \nExecution on the targeted device. This is especially problematic if you use Default DESFire key.\n\n\n\n\n\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "HIGH",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-122",
                  "description": "CWE-122 Heap-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-15T11:32:48.427Z",
            "orgId": "a87f365f-9d39-4848-9b3a-58c7cae69cab",
            "shortName": "IDEMIA"
          },
          "references": [
            {
              "url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": " Heap Buffer Overflow when reading DESFire card",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a87f365f-9d39-4848-9b3a-58c7cae69cab",
        "assignerShortName": "IDEMIA",
        "cveId": "CVE-2023-33221",
        "datePublished": "2023-12-15T11:32:48.427Z",
        "dateReserved": "2023-05-18T14:32:49.223Z",
        "dateUpdated": "2024-08-02T15:39:35.729Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33220 (GCVE-0-2023-33220)

    Vulnerability from cvelistv5 – Published: 2023-12-15 11:32 – Updated: 2024-08-02 15:39
    VLAI
    Title
    Stack Buffer Overflow when checking some attributes during retrofit
    Summary
    During the retrofit validation process, the firmware doesn't properly check the boundaries while copying some attributes to check. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:35.750Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SIGMA Lite \u0026 Lite +",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "4.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SIGMA Wide",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "4.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SIGMA Extreme",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "4.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MorphoWave Compact/XP",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "2.12.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "VisionPass",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "2.12.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MorphoWave SP",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "1.2.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\n\n\n\n\n\nDuring the retrofit validation process, the firmware doesn\u0027t properly check the boundaries while copying some attributes \nto check. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted \ndevice\n\n\n\n\n\n"
                }
              ],
              "value": "\n\n\n\n\n\n\nDuring the retrofit validation process, the firmware doesn\u0027t properly check the boundaries while copying some attributes \nto check. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted \ndevice\n\n\n\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "if you have kept the default Enforced Security mode or enabled the mTLS to identify the origin of the  command issued to the termina"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-15T11:32:14.742Z",
            "orgId": "a87f365f-9d39-4848-9b3a-58c7cae69cab",
            "shortName": "IDEMIA"
          },
          "references": [
            {
              "url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Stack Buffer Overflow when checking some attributes during retrofit",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a87f365f-9d39-4848-9b3a-58c7cae69cab",
        "assignerShortName": "IDEMIA",
        "cveId": "CVE-2023-33220",
        "datePublished": "2023-12-15T11:32:14.742Z",
        "dateReserved": "2023-05-18T14:32:49.222Z",
        "dateUpdated": "2024-08-02T15:39:35.750Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33219 (GCVE-0-2023-33219)

    Vulnerability from cvelistv5 – Published: 2023-12-15 11:31 – Updated: 2024-08-02 15:39
    VLAI
    Title
    Stack Buffer Overflow when checking retrofit package
    Summary
    The handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation operations. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:35.844Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SIGMA Lite \u0026 Lite +",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "4.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SIGMA Wide",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "4.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SIGMA Extreme",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "4.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MorphoWave Compact/XP",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "2.12.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "VisionPass",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "2.12.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MorphoWave SP",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "1.2.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\n\n\n\nThe handler of the retrofit validation command doesn\u0027t properly check the boundaries when performing certain validation \noperations. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the \ntargeted device\n\n\n\n"
                }
              ],
              "value": "\n\n\n\n\nThe handler of the retrofit validation command doesn\u0027t properly check the boundaries when performing certain validation \noperations. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the \ntargeted device\n\n\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "if you have kept the default Enforced Security mode or enabled the mTLS to identify the origin of the  command issued to the termina"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-15T11:31:45.798Z",
            "orgId": "a87f365f-9d39-4848-9b3a-58c7cae69cab",
            "shortName": "IDEMIA"
          },
          "references": [
            {
              "url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Stack Buffer Overflow when checking retrofit package",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a87f365f-9d39-4848-9b3a-58c7cae69cab",
        "assignerShortName": "IDEMIA",
        "cveId": "CVE-2023-33219",
        "datePublished": "2023-12-15T11:31:45.798Z",
        "dateReserved": "2023-05-18T14:32:49.222Z",
        "dateUpdated": "2024-08-02T15:39:35.844Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33218 (GCVE-0-2023-33218)

    Vulnerability from cvelistv5 – Published: 2023-12-15 11:31 – Updated: 2024-08-02 15:39
    VLAI
    Title
    Stack Buffer Overflow in a binary run at upgrade startup
    Summary
    The Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow. This could potentially lead to a Remote Code execution on the targeted device.
    CWE
    • CWE-121 - Stack-based Buffer Overflow
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:35.856Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SIGMA Lite \u0026 Lite +",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "4.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SIGMA Wide",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "4.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SIGMA Extreme",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "4.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MorphoWave Compact/XP",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "2.12.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "VisionPass",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "2.12.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MorphoWave SP",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "1.2.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\n\nThe Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow. \nThis could potentially lead to a Remote Code execution on the targeted device.\n\n"
                }
              ],
              "value": "\n\n\nThe Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow. \nThis could potentially lead to a Remote Code execution on the targeted device.\n\n"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-100",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-100 Overflow Buffers"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 9.1,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "if you have kept the default Enforced Security mode or enabled the mTLS to identify the origin of the  command issued to the termina"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-121",
                  "description": "CWE-121 Stack-based Buffer Overflow",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-15T11:31:27.575Z",
            "orgId": "a87f365f-9d39-4848-9b3a-58c7cae69cab",
            "shortName": "IDEMIA"
          },
          "references": [
            {
              "url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Stack Buffer Overflow in a binary run at upgrade startup",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a87f365f-9d39-4848-9b3a-58c7cae69cab",
        "assignerShortName": "IDEMIA",
        "cveId": "CVE-2023-33218",
        "datePublished": "2023-12-15T11:31:27.575Z",
        "dateReserved": "2023-05-18T14:32:49.222Z",
        "dateUpdated": "2024-08-02T15:39:35.856Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-33217 (GCVE-0-2023-33217)

    Vulnerability from cvelistv5 – Published: 2023-12-15 10:45 – Updated: 2024-08-02 15:39
    VLAI
    Title
    Missing integrity check on upgrade package
    Summary
    By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it's possible to cause a permanent denial of service for the terminal. the only way to recover the terminal is by sending back the terminal to the manufacturer
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T15:39:35.734Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SIGMA Lite \u0026 Lite +",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "4.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SIGMA Wide",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "4.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "SIGMA Extreme",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "4.15.5",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MorphoWave Compact/XP",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "2.12.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "VisionPass",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "2.12.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "MorphoWave SP",
              "vendor": "IDEMIA",
              "versions": [
                {
                  "lessThan": "1.2.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\nBy abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it\u0027s possible to cause a permanent \ndenial of service for the terminal. the only way to recover the terminal is by sending back the terminal to the manufacturer"
                }
              ],
              "value": "\nBy abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it\u0027s possible to cause a permanent \ndenial of service for the terminal. the only way to recover the terminal is by sending back the terminal to the manufacturer"
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-153",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "CAPEC-153 Input Data Manipulation"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            },
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 4.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "if you have kept the default Enforced Security mode or enabled the mTLS to identify the origin of the  command issued to the termina"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20 Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-12-15T10:45:30.637Z",
            "orgId": "a87f365f-9d39-4848-9b3a-58c7cae69cab",
            "shortName": "IDEMIA"
          },
          "references": [
            {
              "url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Missing integrity check on upgrade package",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a87f365f-9d39-4848-9b3a-58c7cae69cab",
        "assignerShortName": "IDEMIA",
        "cveId": "CVE-2023-33217",
        "datePublished": "2023-12-15T10:45:30.637Z",
        "dateReserved": "2023-05-18T14:32:49.222Z",
        "dateUpdated": "2024-08-02T15:39:35.734Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }