
CVE-2023-33220

Stack Buffer Overflow when checking some attributes during retrofit

  • Severity Score: 9.8 (CVSS v3.1)
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

During the retrofit validation process, the firmware doesn't properly check boundaries while copying some of the attributes to be checked. This allows a stack-based buffer overflow that could lead to potential Remote Code Execution on the targeted device.


*Credits: N/A
CVSS Scores
  • Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: Unchanged; Confidentiality: High; Integrity: High; Availability: High
  • Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: Unchanged; Confidentiality: High; Integrity: High; Availability: None
  • Attack Vector: Network; Attack Complexity: Low; Privileges Required: High; User Interaction: None; Scope: Unchanged; Confidentiality: High; Integrity: High; Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2023-05-18 CVE Reserved
  • 2023-12-15 CVE Published
  • 2023-12-22 EPSS Updated
  • 2024-08-02 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-121: Stack-based Buffer Overflow
  • CWE-787: Out-of-bounds Write
CAPEC
  • CAPEC-100: Overflow Buffers
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Idemia | Sigma Lite Firmware | < 4.15.5 | - | Affected |
| in Idemia | Sigma Lite | - | - | Safe |
| Idemia | Sigma Lite+ Firmware | < 4.15.5 | - | Affected |
| in Idemia | Sigma Lite+ | - | - | Safe |
| Idemia | Sigma Extreme Firmware | < 4.15.5 | - | Affected |
| in Idemia | Sigma Extreme | - | - | Safe |
| Idemia | Sigma Wide Firmware | < 4.15.5 | - | Affected |
| in Idemia | Sigma Wide | - | - | Safe |
| Idemia | Morphowave Compact Firmware | < 2.12.2 | - | Affected |
| in Idemia | Morphowave Compact | - | - | Safe |
| Idemia | Morphowave Xp Firmware | < 2.12.2 | - | Affected |
| in Idemia | Morphowave Xp | - | - | Safe |
| Idemia | Visionpass Firmware | < 2.12.2 | - | Affected |
| in Idemia | Visionpass | - | - | Safe |
| Idemia | Morphowave Sp Firmware | < 1.2.7 | - | Affected |
| in Idemia | Morphowave Sp | - | - | Safe |