Improper Authorization in HID iCLASS SE reader configuration cards and OMNIKEY Secure Elements reader configuration cards - CVE-2024-23806

 


Published: February 7, 2024


Vulnerability identifier: #VU86196
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-23806
CWE-ID: CWE-285
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: HID Global
Affected software:
HID iCLASS SE reader configuration cards
OMNIKEY Secure Elements reader configuration cards

Detailed vulnerability description

The vulnerability allows an attacker with physical access to bypass authorization checks.

The vulnerability exists due to improper authorization. An attacker with physical access can extract sensitive data from HID iCLASS SE reader configuration cards.


How to mitigate CVE-2024-23806

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
