The Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow.
This could potentially lead to a Remote Code execution on the targeted device.
References
| Link | Resource |
|---|---|
| https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf | Vendor Advisory |
| https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
History
21 Nov 2024, 08:05
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
| References | () https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf - Vendor Advisory |
21 Dec 2023, 19:16
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-787 | |
| CPE | cpe:2.3:h:idemia:visionpass:-:*:*:*:*:*:*:* cpe:2.3:h:idemia:sigma_lite:-:*:*:*:*:*:*:* cpe:2.3:h:idemia:sigma_extreme:-:*:*:*:*:*:*:* cpe:2.3:o:idemia:visionpass_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:idemia:morphowave_sp:-:*:*:*:*:*:*:* cpe:2.3:o:idemia:morphowave_sp_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:idemia:sigma_wide_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:idemia:sigma_lite\+_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:idemia:sigma_lite\+:-:*:*:*:*:*:*:* cpe:2.3:h:idemia:sigma_wide:-:*:*:*:*:*:*:* cpe:2.3:o:idemia:sigma_lite_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:idemia:morphowave_xp_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:idemia:sigma_extreme_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:idemia:morphowave_compact_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:idemia:morphowave_compact:-:*:*:*:*:*:*:* cpe:2.3:h:idemia:morphowave_xp:-:*:*:*:*:*:*:* |
|
| References | () https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf - Vendor Advisory | |
| First Time |
Idemia sigma Lite\+
Idemia sigma Lite\+ Firmware Idemia sigma Lite Firmware Idemia morphowave Sp Firmware Idemia morphowave Xp Firmware Idemia sigma Extreme Idemia visionpass Idemia morphowave Compact Idemia sigma Lite Idemia sigma Wide Idemia sigma Wide Firmware Idemia visionpass Firmware Idemia sigma Extreme Firmware Idemia morphowave Compact Firmware Idemia Idemia morphowave Sp Idemia morphowave Xp |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
15 Dec 2023, 12:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-12-15 12:15
Updated : 2024-11-21 08:05
NVD link : CVE-2023-33218
Mitre link : CVE-2023-33218
CVE.ORG link : CVE-2023-33218
JSON object : View
Products Affected
idemia
- morphowave_xp_firmware
- sigma_lite_firmware
- sigma_lite\+
- visionpass
- sigma_lite\+_firmware
- morphowave_sp_firmware
- sigma_lite
- sigma_wide_firmware
- morphowave_xp
- morphowave_sp
- sigma_wide
- morphowave_compact
- morphowave_compact_firmware
- sigma_extreme
- sigma_extreme_firmware
- visionpass_firmware