{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-33219", "assignerOrgId": "a87f365f-9d39-4848-9b3a-58c7cae69cab", "state": "PUBLISHED", "assignerShortName": "IDEMIA", "dateReserved": "2023-05-18T14:32:49.222Z", "datePublished": "2023-12-15T11:31:45.798Z", "dateUpdated": "2024-08-02T15:39:35.844Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "SIGMA Lite & Lite +", "vendor": "IDEMIA", "versions": [{"lessThan": "4.15.5", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "SIGMA Wide", "vendor": "IDEMIA", "versions": [{"lessThan": "4.15.5", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "SIGMA Extreme", "vendor": "IDEMIA", "versions": [{"lessThan": "4.15.5", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "MorphoWave Compact/XP", "vendor": "IDEMIA", "versions": [{"lessThan": "2.12.2", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "VisionPass", "vendor": "IDEMIA", "versions": [{"lessThan": "2.12.2", "status": "affected", "version": "0", "versionType": "custom"}]}, {"defaultStatus": "unaffected", "product": "MorphoWave SP", "vendor": "IDEMIA", "versions": [{"lessThan": "1.2.7", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\n\n\n\n\nThe handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation \noperations. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the \ntargeted device\n\n\n\n"}], "value": "\n\n\n\n\nThe handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation \noperations. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the \ntargeted device\n\n\n\n"}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "if you have kept the default Enforced Security mode or enabled the mTLS to identify the origin of the command issued to the termina"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "a87f365f-9d39-4848-9b3a-58c7cae69cab", "shortName": "IDEMIA", "dateUpdated": "2023-12-15T11:31:45.798Z"}, "references": [{"url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf"}], "source": {"discovery": "UNKNOWN"}, "title": "Stack Buffer Overflow when checking retrofit package", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T15:39:35.844Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:idemia:sigma_lite_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "983A7DAD-1995-4A8A-8714-D47D4E90ABF2", "versionEndExcluding": "4.15.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:idemia:sigma_lite:-:*:*:*:*:*:*:*", "matchCriteriaId": "E2F8847F-E51A-4A64-A2D4-FCDD193E7AFA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:idemia:sigma_lite\\+_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "A2582E12-D19F-4660-A98C-6941C8C9081D", "versionEndExcluding": "4.15.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:idemia:sigma_lite\\+:-:*:*:*:*:*:*:*", "matchCriteriaId": "2BB49653-25EA-4F69-A1B7-0ACA58F85FF1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:idemia:sigma_extreme_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "865DE0C9-5384-45BD-AF81-5C416FCB962A", "versionEndExcluding": "4.15.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:idemia:sigma_extreme:-:*:*:*:*:*:*:*", "matchCriteriaId": "4FB05B6D-7D4C-4148-A05A-751B272B0E25", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:idemia:sigma_wide_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E2D74C2-6C83-4111-B410-E81C7414309B", "versionEndExcluding": "4.15.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:idemia:sigma_wide:-:*:*:*:*:*:*:*", "matchCriteriaId": "BE86F813-6021-4FEB-86A9-B7013EEB4416", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:idemia:morphowave_compact_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "8BDA2ED3-4875-45EB-8489-8C6B8F44EF2A", "versionEndExcluding": "2.12.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:idemia:morphowave_compact:-:*:*:*:*:*:*:*", "matchCriteriaId": "B36E662E-C713-47E5-B07E-F0D9F1C63E9D", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:idemia:morphowave_xp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "AEAD097B-E5A8-492F-9ABB-75D5D15A8F9F", "versionEndExcluding": "2.12.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:idemia:morphowave_xp:-:*:*:*:*:*:*:*", "matchCriteriaId": "2FA7252B-5871-4A13-B41D-752A5EA276F1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:idemia:visionpass_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "1ED8DCF7-F85C-4513-BF69-5FE2D7185A96", "versionEndExcluding": "2.12.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:idemia:visionpass:-:*:*:*:*:*:*:*", "matchCriteriaId": "CDABE653-294E-478C-B458-F9A1206A0E7E", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:idemia:morphowave_sp_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF554F0F-8E5D-40A2-A676-8984AB685CEE", "versionEndExcluding": "1.2.7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:idemia:morphowave_sp:-:*:*:*:*:*:*:*", "matchCriteriaId": "AFD369B0-119B-497B-9353-AB5E5E267FF9", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "\n\n\n\n\nThe handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation \noperations. This allows a stack-based buffer overflow that could lead to a potential Remote Code Execution on the \ntargeted device\n\n\n\n"}, {"lang": "es", "value": "El controlador del comando de validaci\u00f3n de actualizaci\u00f3n no verifica adecuadamente los l\u00edmites al realizar ciertas operaciones de validaci\u00f3n. Esto permite un desbordamiento del b\u00fafer basado en pila que podr\u00eda provocar una posible ejecuci\u00f3n remota de c\u00f3digo en el dispositivo de destino."}], "id": "CVE-2023-33219", "lastModified": "2024-11-21T08:05:09.773", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-15T12:15:43.530", "references": [{"source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", "tags": ["Vendor Advisory"], "url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.idemia.com/wp-content/uploads/2023/11/Security-Advisory-SA-2023-05-2.pdf"}], "sourceIdentifier": "a87f365f-9d39-4848-9b3a-58c7cae69cab", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "a87f365f-9d39-4848-9b3a-58c7cae69cab", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}