During the retrofit validation process, the firmware doesn't properly check the boundaries while copying some attributes
to check. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the targeted
device
References
| Link | Resource |
|---|---|
| https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf | Vendor Advisory |
| https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
Configuration 2 (hide)
| AND |
|
Configuration 3 (hide)
| AND |
|
Configuration 4 (hide)
| AND |
|
Configuration 5 (hide)
| AND |
|
Configuration 6 (hide)
| AND |
|
Configuration 7 (hide)
| AND |
|
Configuration 8 (hide)
| AND |
|
History
21 Nov 2024, 08:05
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
| References | () https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf - Vendor Advisory |
21 Dec 2023, 19:25
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-787 | |
| References | () https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf - Vendor Advisory | |
| First Time |
Idemia sigma Lite\+
Idemia sigma Lite\+ Firmware Idemia sigma Lite Firmware Idemia morphowave Sp Firmware Idemia morphowave Xp Firmware Idemia sigma Extreme Idemia visionpass Idemia morphowave Compact Idemia sigma Lite Idemia sigma Wide Idemia sigma Wide Firmware Idemia visionpass Firmware Idemia sigma Extreme Firmware Idemia morphowave Compact Firmware Idemia Idemia morphowave Sp Idemia morphowave Xp |
|
| CPE | cpe:2.3:h:idemia:visionpass:-:*:*:*:*:*:*:* cpe:2.3:h:idemia:sigma_lite:-:*:*:*:*:*:*:* cpe:2.3:h:idemia:sigma_extreme:-:*:*:*:*:*:*:* cpe:2.3:o:idemia:visionpass_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:idemia:morphowave_sp:-:*:*:*:*:*:*:* cpe:2.3:o:idemia:morphowave_sp_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:idemia:sigma_wide_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:idemia:sigma_lite\+_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:idemia:sigma_lite\+:-:*:*:*:*:*:*:* cpe:2.3:h:idemia:sigma_wide:-:*:*:*:*:*:*:* cpe:2.3:o:idemia:sigma_lite_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:idemia:morphowave_xp_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:idemia:sigma_extreme_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:idemia:morphowave_compact_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:idemia:morphowave_compact:-:*:*:*:*:*:*:* cpe:2.3:h:idemia:morphowave_xp:-:*:*:*:*:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
15 Dec 2023, 12:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-12-15 12:15
Updated : 2024-11-21 08:05
NVD link : CVE-2023-33220
Mitre link : CVE-2023-33220
CVE.ORG link : CVE-2023-33220
JSON object : View
Products Affected
idemia
- morphowave_xp_firmware
- sigma_lite_firmware
- sigma_lite\+
- visionpass
- sigma_lite\+_firmware
- morphowave_sp_firmware
- sigma_lite
- sigma_wide_firmware
- morphowave_xp
- morphowave_sp
- sigma_wide
- morphowave_compact
- morphowave_compact_firmware
- sigma_extreme
- sigma_extreme_firmware
- visionpass_firmware