// For flags

CVE-2023-33217

Missing integrity check on upgrade package

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it's possible to cause a permanent
denial of service for the terminal. the only way to recover the terminal is by sending back the terminal to the manufacturer

Al abusar de un defecto de diseño en el mecanismo de actualización del firmware del terminal afectado, es posible provocar una denegación permanente de servicio para el terminal. La única forma de recuperar el terminal es devolviéndolo al fabricante.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-05-18 CVE Reserved
  • 2023-12-15 CVE Published
  • 2023-12-22 EPSS Updated
  • 2024-08-02 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
  • CAPEC-153: Input Data Manipulation
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Idemia
Search vendor "Idemia"
Sigma Lite Firmware
Search vendor "Idemia" for product "Sigma Lite Firmware"
< 4.15.5
Search vendor "Idemia" for product "Sigma Lite Firmware" and version " < 4.15.5"
-
Affected
in Idemia
Search vendor "Idemia"
Sigma Lite
Search vendor "Idemia" for product "Sigma Lite"
--
Safe
Idemia
Search vendor "Idemia"
Sigma Lite\+ Firmware
Search vendor "Idemia" for product "Sigma Lite\+ Firmware"
< 4.15.5
Search vendor "Idemia" for product "Sigma Lite\+ Firmware" and version " < 4.15.5"
-
Affected
in Idemia
Search vendor "Idemia"
Sigma Lite\+
Search vendor "Idemia" for product "Sigma Lite\+"
--
Safe
Idemia
Search vendor "Idemia"
Sigma Extreme Firmware
Search vendor "Idemia" for product "Sigma Extreme Firmware"
< 4.15.5
Search vendor "Idemia" for product "Sigma Extreme Firmware" and version " < 4.15.5"
-
Affected
in Idemia
Search vendor "Idemia"
Sigma Extreme
Search vendor "Idemia" for product "Sigma Extreme"
--
Safe
Idemia
Search vendor "Idemia"
Sigma Wide Firmware
Search vendor "Idemia" for product "Sigma Wide Firmware"
< 4.15.5
Search vendor "Idemia" for product "Sigma Wide Firmware" and version " < 4.15.5"
-
Affected
in Idemia
Search vendor "Idemia"
Sigma Wide
Search vendor "Idemia" for product "Sigma Wide"
--
Safe
Idemia
Search vendor "Idemia"
Morphowave Compact Firmware
Search vendor "Idemia" for product "Morphowave Compact Firmware"
< 2.12.2
Search vendor "Idemia" for product "Morphowave Compact Firmware" and version " < 2.12.2"
-
Affected
in Idemia
Search vendor "Idemia"
Morphowave Compact
Search vendor "Idemia" for product "Morphowave Compact"
--
Safe
Idemia
Search vendor "Idemia"
Morphowave Xp Firmware
Search vendor "Idemia" for product "Morphowave Xp Firmware"
< 2.12.2
Search vendor "Idemia" for product "Morphowave Xp Firmware" and version " < 2.12.2"
-
Affected
in Idemia
Search vendor "Idemia"
Morphowave Xp
Search vendor "Idemia" for product "Morphowave Xp"
--
Safe
Idemia
Search vendor "Idemia"
Visionpass Firmware
Search vendor "Idemia" for product "Visionpass Firmware"
< 2.12.2
Search vendor "Idemia" for product "Visionpass Firmware" and version " < 2.12.2"
-
Affected
in Idemia
Search vendor "Idemia"
Visionpass
Search vendor "Idemia" for product "Visionpass"
--
Safe
Idemia
Search vendor "Idemia"
Morphowave Sp Firmware
Search vendor "Idemia" for product "Morphowave Sp Firmware"
< 1.2.7
Search vendor "Idemia" for product "Morphowave Sp Firmware" and version " < 1.2.7"
-
Affected
in Idemia
Search vendor "Idemia"
Morphowave Sp
Search vendor "Idemia" for product "Morphowave Sp"
--
Safe