Sigma Lite Firmware
CVE-2023-33218
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
The Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow. This could potentially lead to a Remote Code execution on the targeted device.
AnalysisAI
The Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-121. The Parameter Zone Read and Parameter Zone Write command handlers allow performing a Stack buffer overflow. This could potentially lead to a Remote Code execution on the targeted device. Affected products include: Idemia Sigma Lite Firmware, Idemia Sigma Lite\+ Firmware, Idemia Sigma Extreme Firmware, Idemia Sigma Wide Firmware, Idemia Morphowave Compact Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Sigma Lite Firmware
View allWhen handling contactless cards, usage of a specific function to get additional information from the card which doesn't
When reading DesFire keys, the function that reads the card isn't properly checking the boundaries when copying internal
During the retrofit validation process, the firmware doesn't properly check the boundaries while copying some attributes
The handler of the retrofit validation command doesn't properly check the boundaries when performing certain validation
A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma de
By abusing a design flaw in the firmware upgrade mechanism of the impacted terminal it's possible to cause a permanent d
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Stack Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today