Iclass Se Cp1000 Encoder Firmware
CVE-2024-22388
HIGH
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys.
AnalysisAI
Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-1188. Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys. Affected products include: Hidglobal Iclass Se Cp1000 Encoder Firmware, Hidglobal Iclass Se Readers Firmware, Hidglobal Iclass Se Reader Modules Firmware, Hidglobal Iclass Se Processors Firmware, Hidglobal Omnikey 5427Ck Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today