Vulnerability identifier: #VU86199
Vulnerability risk: Low
CVSSv3.1: 5.4 [CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID:
CWE-ID:
CWE-285
Exploitation vector: Local
Exploit availability: No
Vulnerable software:
iCLASS SE CP1000 Encoder
Hardware solutions /
Other hardware appliances
iCLASS SE Readers
Hardware solutions /
Other hardware appliances
iCLASS SE Reader Modules
Hardware solutions /
Other hardware appliances
iCLASS SE Processors
Hardware solutions /
Other hardware appliances
OMNIKEY 5427CK Readers
Hardware solutions /
Other hardware appliances
OMNIKEY 5127CK Readers
Hardware solutions /
Other hardware appliances
OMNIKEY 5023 Readers
Hardware solutions /
Other hardware appliances
OMNIKEY 5027 Readers
Hardware solutions /
Other hardware appliances
Vendor: HID Global
Description
The vulnerability allows a local attacker to bypass authorization checks.
The vulnerability exists due to improper authorization. A local attacker can extract sensitive data when reader configuration cards are programmed.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
iCLASS SE CP1000 Encoder: All versions
iCLASS SE Readers: All versions
iCLASS SE Reader Modules: All versions
iCLASS SE Processors: All versions
OMNIKEY 5427CK Readers: All versions
OMNIKEY 5127CK Readers: All versions
OMNIKEY 5023 Readers: All versions
OMNIKEY 5027 Readers: All versions
External links
http://www.cisa.gov/news-events/ics-advisories/icsa-24-037-01
http://support.hidglobal.com/
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.