CVE-2023-33219

The handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation operations. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted device

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:idemia:sigma_lite_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:idemia:sigma_lite:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:idemia:sigma_lite\+_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:idemia:sigma_lite\+:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:idemia:sigma_extreme_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:idemia:sigma_extreme:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:idemia:sigma_wide_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:idemia:sigma_wide:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND

cpe:2.3:o:idemia:morphowave_compact_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:idemia:morphowave_compact:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND

cpe:2.3:o:idemia:morphowave_xp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:idemia:morphowave_xp:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND

cpe:2.3:o:idemia:visionpass_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:idemia:visionpass:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND

cpe:2.3:o:idemia:morphowave_sp_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:idemia:morphowave_sp:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-12-15 12:15

Updated : 2023-12-21 19:16

NVD link : CVE-2023-33219

Mitre link : CVE-2023-33219

CVE.ORG link : CVE-2023-33219

JSON object : View

Products Affected

idemia

sigma_wide
sigma_wide_firmware
sigma_extreme
sigma_extreme_firmware
sigma_lite
morphowave_sp_firmware
morphowave_xp_firmware
sigma_lite\+_firmware
morphowave_sp
sigma_lite\+
sigma_lite_firmware
morphowave_compact
visionpass
visionpass_firmware
morphowave_compact_firmware
morphowave_xp

CWE

CWE-787

Out-of-bounds Write

CWE-121

Stack-based Buffer Overflow

{"id": "CVE-2023-33219", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2023-12-15T12:15:43.530", "references": [{"url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf", "tags": ["Vendor Advisory"], "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "\n\n\n\n\nThe handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation \noperations. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the \ntargeted device\n\n\n\n"}, {"lang": "es", "value": "El controlador del comando de validaci\u00f3n de actualizaci\u00f3n no verifica adecuadamente los l\u00edmites al realizar ciertas operaciones de validaci\u00f3n. Esto permite un desbordamiento del b\u00fafer basado en pila que podr\u00eda provocar una posible ejecuci\u00f3n remota de c\u00f3digo en el dispositivo de destino."}], "lastModified": "2023-12-21T19:16:04.573", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:idemia:sigma_lite_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "983A7DAD-1995-4A8A-8714-D47D4E90ABF2", "versionEndExcluding": "4.15.5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:idemia:sigma_lite:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E2F8847F-E51A-4A64-A2D4-FCDD193E7AFA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:idemia:sigma_lite\\+_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2582E12-D19F-4660-A98C-6941C8C9081D", "versionEndExcluding": "4.15.5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:idemia:sigma_lite\\+:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2BB49653-25EA-4F69-A1B7-0ACA58F85FF1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:idemia:sigma_extreme_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "865DE0C9-5384-45BD-AF81-5C416FCB962A", "versionEndExcluding": "4.15.5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:idemia:sigma_extreme:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4FB05B6D-7D4C-4148-A05A-751B272B0E25"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:idemia:sigma_wide_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E2D74C2-6C83-4111-B410-E81C7414309B", "versionEndExcluding": "4.15.5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:idemia:sigma_wide:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BE86F813-6021-4FEB-86A9-B7013EEB4416"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:idemia:morphowave_compact_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BDA2ED3-4875-45EB-8489-8C6B8F44EF2A", "versionEndExcluding": "2.12.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:idemia:morphowave_compact:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B36E662E-C713-47E5-B07E-F0D9F1C63E9D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:idemia:morphowave_xp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AEAD097B-E5A8-492F-9ABB-75D5D15A8F9F", "versionEndExcluding": "2.12.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:idemia:morphowave_xp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2FA7252B-5871-4A13-B41D-752A5EA276F1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:idemia:visionpass_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1ED8DCF7-F85C-4513-BF69-5FE2D7185A96", "versionEndExcluding": "2.12.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:idemia:visionpass:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CDABE653-294E-478C-B458-F9A1206A0E7E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:idemia:morphowave_sp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF554F0F-8E5D-40A2-A676-8984AB685CEE", "versionEndExcluding": "1.2.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:idemia:morphowave_sp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AFD369B0-119B-497B-9353-AB5E5E267FF9"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "a87f365f-9d39-4848-9b3a-58c7cae69cab"}