{"id": "CVE-2023-33221", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.9}]}, "published": "2023-12-15T12:15:43.927", "references": [{"url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf", "tags": ["Vendor Advisory"], "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-787"}]}, {"type": "Secondary", "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", "description": [{"lang": "en", "value": "CWE-122"}]}], "descriptions": [{"lang": "en", "value": "When reading DesFire keys, the function that reads the card isn't properly checking the boundaries when copying internally the data received. This allows a heap based buffer overflow that could lead to a potential Remote Code Execution on the targeted device. This is especially problematic if you use Default DESFire key."}, {"lang": "es", "value": "Al leer las claves de DesFire, la funci\u00f3n que lee la tarjeta no verifica correctamente los l\u00edmites al copiar internamente los datos recibidos. Esto permite un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico que podr\u00eda conducir a una posible ejecuci\u00f3n remota de c\u00f3digo en el dispositivo de destino. Esto es especialmente problem\u00e1tico si utiliza la clave DESFire predeterminada."}], "lastModified": "2023-12-21T19:25:12.393", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:idemia:sigma_lite_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "983A7DAD-1995-4A8A-8714-D47D4E90ABF2", "versionEndExcluding": "4.15.5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:idemia:sigma_lite:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E2F8847F-E51A-4A64-A2D4-FCDD193E7AFA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:idemia:sigma_lite\\+_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2582E12-D19F-4660-A98C-6941C8C9081D", "versionEndExcluding": "4.15.5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:idemia:sigma_lite\\+:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2BB49653-25EA-4F69-A1B7-0ACA58F85FF1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:idemia:sigma_extreme_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "865DE0C9-5384-45BD-AF81-5C416FCB962A", "versionEndExcluding": "4.15.5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:idemia:sigma_extreme:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4FB05B6D-7D4C-4148-A05A-751B272B0E25"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": 
false, "cpeMatch": [{"criteria": "cpe:2.3:o:idemia:sigma_wide_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8E2D74C2-6C83-4111-B410-E81C7414309B", "versionEndExcluding": "4.15.5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:idemia:sigma_wide:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BE86F813-6021-4FEB-86A9-B7013EEB4416"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:idemia:morphowave_compact_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8BDA2ED3-4875-45EB-8489-8C6B8F44EF2A", "versionEndExcluding": "2.12.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:idemia:morphowave_compact:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B36E662E-C713-47E5-B07E-F0D9F1C63E9D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:idemia:morphowave_xp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AEAD097B-E5A8-492F-9ABB-75D5D15A8F9F", "versionEndExcluding": "2.12.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:idemia:morphowave_xp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2FA7252B-5871-4A13-B41D-752A5EA276F1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:idemia:visionpass_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1ED8DCF7-F85C-4513-BF69-5FE2D7185A96", "versionEndExcluding": "2.12.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:idemia:visionpass:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CDABE653-294E-478C-B458-F9A1206A0E7E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:idemia:morphowave_sp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": 
"BF554F0F-8E5D-40A2-A676-8984AB685CEE", "versionEndExcluding": "1.2.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:idemia:morphowave_sp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AFD369B0-119B-497B-9353-AB5E5E267FF9"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "a87f365f-9d39-4848-9b3a-58c7cae69cab"}