7.5

CVE-2023-33217

By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it's possible to cause a permanent 
denial of service for the terminal. the only way to recover the terminal is by sending back the terminal to the manufacturer
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IdemiaSigma Lite Firmware Version < 4.15.5
   IdemiaSigma Lite Version-
IdemiaSigma Lite+ Firmware Version < 4.15.5
   IdemiaSigma Lite+ Version-
IdemiaSigma Extreme Firmware Version < 4.15.5
   IdemiaSigma Extreme Version-
IdemiaSigma Wide Firmware Version < 4.15.5
   IdemiaSigma Wide Version-
IdemiaMorphowave Compact Firmware Version < 2.12.2
   IdemiaMorphowave Compact Version-
IdemiaMorphowave Xp Firmware Version < 2.12.2
   IdemiaMorphowave Xp Version-
IdemiaVisionpass Firmware Version < 2.12.2
   IdemiaVisionpass Version-
IdemiaMorphowave Sp Firmware Version < 1.2.7
   IdemiaMorphowave Sp Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.317
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
a87f365f-9d39-4848-9b3a-58c7cae69cab 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.