CVE-2023-33217

By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it's possible to cause a permanent denial of service for the terminal. the only way to recover the terminal is by sending back the terminal to the manufacturer

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:h:idemia:sigma_lite:-:*:*:*:*:*:*:*

cpe:2.3:o:idemia:sigma_lite_firmware:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:h:idemia:sigma_lite\+:-:*:*:*:*:*:*:*

cpe:2.3:o:idemia:sigma_lite\+_firmware:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:h:idemia:sigma_extreme:-:*:*:*:*:*:*:*

cpe:2.3:o:idemia:sigma_extreme_firmware:*:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:h:idemia:sigma_wide:-:*:*:*:*:*:*:*

cpe:2.3:o:idemia:sigma_wide_firmware:*:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:h:idemia:morphowave_compact:-:*:*:*:*:*:*:*

cpe:2.3:o:idemia:morphowave_compact_firmware:*:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:h:idemia:morphowave_xp:-:*:*:*:*:*:*:*

cpe:2.3:o:idemia:morphowave_xp_firmware:*:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:h:idemia:visionpass:-:*:*:*:*:*:*:*

cpe:2.3:o:idemia:visionpass_firmware:*:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:h:idemia:morphowave_sp:-:*:*:*:*:*:*:*

cpe:2.3:o:idemia:morphowave_sp_firmware:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-12-15 11:15

Updated : 2023-12-21 19:24

NVD link : CVE-2023-33217

Mitre link : CVE-2023-33217

CVE.ORG link : CVE-2023-33217

JSON object : View

Products Affected

idemia

sigma_wide
sigma_wide_firmware
sigma_extreme
sigma_lite
sigma_extreme_firmware
morphowave_sp_firmware
morphowave_xp_firmware
sigma_lite\+_firmware
morphowave_sp
sigma_lite\+
sigma_lite_firmware
morphowave_compact
visionpass
visionpass_firmware
morphowave_compact_firmware
morphowave_xp

CWE

NVD-CWE-noinfo CWE-20

Improper Input Validation

{"id": "CVE-2023-33217", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-12-15T11:15:08.960", "references": [{"url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf", "tags": ["Vendor Advisory"], "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "\nBy abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it's possible to cause a permanent \ndenial of service for the terminal. the only way to recover the terminal is by sending back the terminal to the manufacturer"}, {"lang": "es", "value": "Al abusar de un defecto de dise\u00f1o en el mecanismo de actualizaci\u00f3n del firmware del terminal afectado, es posible provocar una denegaci\u00f3n permanente de servicio para el terminal. La \u00fanica forma de recuperar el terminal es devolvi\u00e9ndolo al fabricante."}], "lastModified": "2023-12-21T19:24:40.917", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:idemia:sigma_lite:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E2F8847F-E51A-4A64-A2D4-FCDD193E7AFA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:idemia:sigma_lite_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "983A7DAD-1995-4A8A-8714-D47D4E90ABF2", "versionEndExcluding": "4.15.5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:idemia:sigma_lite\\+:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2BB49653-25EA-4F69-A1B7-0ACA58F85FF1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:idemia:sigma_lite\\+_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2582E12-D19F-4660-A98C-6941C8C9081D", "versionEndExcluding": "4.15.5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:idemia:sigma_extreme:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4FB05B6D-7D4C-4148-A05A-751B272B0E25"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:idemia:sigma_extreme_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "865DE0C9-5384-45BD-AF81-5C416FCB962A", "versionEndExcluding": "4.15.5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:idemia:sigma_wide:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BE86F813-6021-4FEB-86A9-B7013EEB4416"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:idemia:sigma_wide_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E2D74C2-6C83-4111-B410-E81C7414309B", "versionEndExcluding": "4.15.5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:idemia:morphowave_compact:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B36E662E-C713-47E5-B07E-F0D9F1C63E9D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:idemia:morphowave_compact_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BDA2ED3-4875-45EB-8489-8C6B8F44EF2A", "versionEndExcluding": "2.12.2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:idemia:morphowave_xp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2FA7252B-5871-4A13-B41D-752A5EA276F1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:idemia:morphowave_xp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AEAD097B-E5A8-492F-9ABB-75D5D15A8F9F", "versionEndExcluding": "2.12.2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:idemia:visionpass:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CDABE653-294E-478C-B458-F9A1206A0E7E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:idemia:visionpass_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1ED8DCF7-F85C-4513-BF69-5FE2D7185A96", "versionEndExcluding": "2.12.2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:idemia:morphowave_sp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AFD369B0-119B-497B-9353-AB5E5E267FF9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:idemia:morphowave_sp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF554F0F-8E5D-40A2-A676-8984AB685CEE", "versionEndExcluding": "1.2.7"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "a87f365f-9d39-4848-9b3a-58c7cae69cab"}