CVE-2024-23806

HID Global Reader Configuration Cards Improper Authorization

Severity Score

5.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Sensitive data can be extracted from HID iCLASS SE reader configuration cards. This could include credential and device administrator keys.

Se pueden extraer datos confidenciales de las tarjetas de configuración del lector HID iCLASS SE. Esto podría incluir claves de administrador de dispositivos y credenciales.

*Credits: HID Global reported this vulnerability to CISA.

CVSS Scores

NISTv3.1 5.3

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2024-01-25 CVE Reserved
2024-02-07 CVE Published
2024-02-15 EPSS Updated
2024-10-11 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-285: Improper Authorization
CWE-287: Improper Authentication

CAPEC

References (3)

URL	Tag	Source
https://https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-02	Broken Link
https://www.hidglobal.com/support	Product
https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-02

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Hidglobal Search vendor "Hidglobal"	Omnikey Secure Elements Reader Configuration Cards Firmware Search vendor "Hidglobal" for product "Omnikey Secure Elements Reader Configuration Cards Firmware"	-	-	Affected	in	Hidglobal Search vendor "Hidglobal"	Omnikey Secure Elements Reader Configuration Cards Search vendor "Hidglobal" for product "Omnikey Secure Elements Reader Configuration Cards"	-	-	Safe
Hidglobal Search vendor "Hidglobal"	Iclass Se Reader Configuration Cards Firmware Search vendor "Hidglobal" for product "Iclass Se Reader Configuration Cards Firmware"	-	-	Affected	in	Hidglobal Search vendor "Hidglobal"	Iclass Se Reader Configuration Cards Search vendor "Hidglobal" for product "Iclass Se Reader Configuration Cards"	-	-	Safe