CVE-2023-33217 : By abusing a design flaw in the firmware upgrade mechanism of the impacted termi

By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it's possible to cause a permanent denial of service for the terminal. the only way to recover the terminal is by sending back the terminal to the manufacturer

Published 2023-12-15 11:15:09

Updated 2023-12-21 19:24:41

Source

View at NVD, CVE.org

Vulnerability category: Input validationDenial of service

Products affected by CVE-2023-33217

Idemia » Sigma Lite Firmware
Versions before (<) 4.15.5
cpe:2.3:o:idemia:sigma_lite_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Idemia » Sigma Lite » Version: N/A
Idemia » Sigma Lite+ Firmware
Versions before (<) 4.15.5
cpe:2.3:o:idemia:sigma_lite\+_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Idemia » Sigma Lite+ » Version: N/A
Idemia » Sigma Wide Firmware
Versions before (<) 4.15.5
cpe:2.3:o:idemia:sigma_wide_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Idemia » Sigma Wide » Version: N/A
Idemia » Sigma Extreme Firmware
Versions before (<) 4.15.5
cpe:2.3:o:idemia:sigma_extreme_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Idemia » Sigma Extreme » Version: N/A
Idemia » Morphowave Compact Firmware
Versions before (<) 2.12.2
cpe:2.3:o:idemia:morphowave_compact_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Idemia » Morphowave Compact » Version: N/A
Idemia » Morphowave Sp Firmware
Versions before (<) 1.2.7
cpe:2.3:o:idemia:morphowave_sp_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Idemia » Morphowave Sp » Version: N/A
Idemia » Visionpass Firmware
Versions before (<) 2.12.2
cpe:2.3:o:idemia:visionpass_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Idemia » Visionpass » Version: N/A
Idemia » Morphowave Xp Firmware
Versions before (<) 2.12.2
cpe:2.3:o:idemia:morphowave_xp_firmware:*:*:*:*:*:*:*:*
Matching versions
When used together with: Idemia » Morphowave Xp » Version: N/A

Exploit prediction scoring system (EPSS) score for CVE-2023-33217

EPSS FAQ

0.22%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 42 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-33217

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	IDEMIA
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2023-33217

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: a87f365f-9d39-4848-9b3a-58c7cae69cab (Secondary)

References for CVE-2023-33217

https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf

Vendor Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-33217

Products affected by CVE-2023-33217

Exploit prediction scoring system (EPSS) score for CVE-2023-33217

CVSS scores for CVE-2023-33217

CWE ids for CVE-2023-33217

References for CVE-2023-33217