Improper Authorization in HID iCLASS SE reader configuration cards and OMNIKEY Secure Elements reader configuration cards - CVE-2024-23806
Published: February 7, 2024
Vulnerability identifier: #VU86196
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-23806
CWE-ID: CWE-285
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
HID iCLASS SE reader configuration cards
OMNIKEY Secure Elements reader configuration cards
Software vendor:
HID Global
Description
The vulnerability allows an attacker with physical access to bypass authorization checks.
The vulnerability exists due to improper authorization. An attacker with physical access can extract sensitive data from HID iCLASS SE reader configuration cards.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.