Sigma Lite Firmware
CVE-2023-33217
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it's possible to cause a permanent denial of service for the terminal. the only way to recover the terminal is by sending back the terminal to the manufacturer
AnalysisAI
By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it's possible to cause a permanent denial of service for the terminal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-20. By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it's possible to cause a permanent denial of service for the terminal. the only way to recover the terminal is by sending back the terminal to the manufacturer Affected products include: Idemia Sigma Lite Firmware, Idemia Sigma Lite\+ Firmware, Idemia Sigma Extreme Firmware, Idemia Sigma Wide Firmware, Idemia Morphowave Compact Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Sigma Lite Firmware
View allWhen handling contactless cards, usage of a specific function to get additional information from the card which doesn't
When reading DesFire keys, the function that reads the card isn't properly checking the boundaries when copying internal
During the retrofit validation process, the firmware doesn't properly check the boundaries while copying some attributes
The handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation
The Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow. Rated critic
A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma de
Same weakness CWE-20 – Improper Input Validation
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today