CVE-2023-33217
Missing integrity check on upgrade package
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal, it is possible to cause a permanent
denial of service for the terminal. The only way to recover the terminal is to send it back to the manufacturer.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-05-18 CVE Reserved
- 2023-12-15 CVE Published
- 2023-12-22 EPSS Updated
- 2024-08-02 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
- CAPEC-153: Input Data Manipulation
References (1)
URL | Date | SRC |
---|---|---|
https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf | 2023-12-21 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status |
---|---|---|---|---|---|---|---|---|---|---|
Idemia | Sigma Lite Firmware | < 4.15.5 | - | Affected | in | Idemia | Sigma Lite | - | - | Safe |
Idemia | Sigma Lite+ Firmware | < 4.15.5 | - | Affected | in | Idemia | Sigma Lite+ | - | - | Safe |
Idemia | Sigma Extreme Firmware | < 4.15.5 | - | Affected | in | Idemia | Sigma Extreme | - | - | Safe |
Idemia | Sigma Wide Firmware | < 4.15.5 | - | Affected | in | Idemia | Sigma Wide | - | - | Safe |
Idemia | Morphowave Compact Firmware | < 2.12.2 | - | Affected | in | Idemia | Morphowave Compact | - | - | Safe |
Idemia | Morphowave Xp Firmware | < 2.12.2 | - | Affected | in | Idemia | Morphowave Xp | - | - | Safe |
Idemia | Visionpass Firmware | < 2.12.2 | - | Affected | in | Idemia | Visionpass | - | - | Safe |
Idemia | Morphowave Sp Firmware | < 1.2.7 | - | Affected | in | Idemia | Morphowave Sp | - | - | Safe |