5.3
CVE-2024-23806
- EPSS 0.25%
- Published 07.02.2024 17:15:10
- Last modified 21.11.2024 08:58:27
- Source ics-cert@hq.dhs.gov
HID Global Reader Configuration Cards Improper Authorization
Sensitive data can be extracted from HID iCLASS SE reader configuration cards. This could include credential and device administrator keys.
Data is provided by the National Vulnerability Database (NVD)
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.25% | 0.163 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 0.9 | 4 | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |
| ics-cert@hq.dhs.gov | 5.3 | 0.9 | 4 | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N |
CWE-285 Improper Authorization
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-02
https://www.hidglobal.com/support