#VU86199 Improper Authorization in HID Global Hardware solutions


Published: 2024-02-07

Vulnerability identifier: #VU86199

Vulnerability risk: Low

CVSSv3.1: 5.4 [CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2024-22388

CWE-ID: CWE-285

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
iCLASS SE CP1000 Encoder
Hardware solutions / Other hardware appliances
iCLASS SE Readers
Hardware solutions / Other hardware appliances
iCLASS SE Reader Modules
Hardware solutions / Other hardware appliances
iCLASS SE Processors
Hardware solutions / Other hardware appliances
OMNIKEY 5427CK Readers
Hardware solutions / Other hardware appliances
OMNIKEY 5127CK Readers
Hardware solutions / Other hardware appliances
OMNIKEY 5023 Readers
Hardware solutions / Other hardware appliances
OMNIKEY 5027 Readers
Hardware solutions / Other hardware appliances

Vendor: HID Global

Description

The vulnerability allows a local attacker to bypass authorization checks.

The vulnerability exists due to improper authorization. A local attacker can extract sensitive data when reader configuration cards are programmed.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

iCLASS SE CP1000 Encoder: All versions

iCLASS SE Readers: All versions

iCLASS SE Reader Modules: All versions

iCLASS SE Processors: All versions

OMNIKEY 5427CK Readers: All versions

OMNIKEY 5127CK Readers: All versions

OMNIKEY 5023 Readers: All versions

OMNIKEY 5027 Readers: All versions


External links
http://www.cisa.gov/news-events/ics-advisories/icsa-24-037-01
http://support.hidglobal.com/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability