CVE-2024-1578

{"id": "CVE-2024-1578", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 0.5}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 4.7, "exploitabilityScore": 0.5}], "cvssMetricV40": [{"type": "Secondary", "source": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 5.3, "automatable": "NOT_DEFINED", "attackVector": "PHYSICAL", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:P/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "LOW", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "HIGH", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "HIGH", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-09-16T07:15:02.030", "references": [{"url": "https://ntware.atlassian.net/wiki/spaces/SA/pages/11973853216/2024+Security+Advisory+Multiple+MiCard+PLUS+card+reader+dropped+characters", "tags": ["Mitigation", "Third Party Advisory"], "source": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3"}, {"url": "https://www.canon-europe.com/psirt/advisory-information", "tags": ["Vendor Advisory"], "source": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3", "description": [{"lang": "en", "value": "CWE-1287"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card reads, which would result in the wrong ID card number being assigned during ID card self-registration and might result in failed login attempts for end-users. Random characters being dropped from ID card numbers compromises the uniqueness of ID cards that can, therefore, result in a security issue if the users are using the \u2018ID card self-registration\u2019 function."}, {"lang": "es", "value": "Los lectores MiCard PLUS Ci y MiCard PLUS BLE desarrollados por rf IDEAS y renombrados por NT-ware tienen un fallo de firmware que puede provocar que se eliminen caracteres de forma aleatoria en algunas lecturas de tarjetas de identificaci\u00f3n, lo que dar\u00eda lugar a que se asignara un n\u00famero de tarjeta de identificaci\u00f3n incorrecto durante el autorregistro de la tarjeta de identificaci\u00f3n y podr\u00eda provocar intentos fallidos de inicio de sesi\u00f3n para los usuarios finales. La eliminaci\u00f3n aleatoria de caracteres de los n\u00fameros de tarjeta de identificaci\u00f3n compromete la unicidad de las tarjetas de identificaci\u00f3n, lo que puede, por lo tanto, generar un problema de seguridad si los usuarios utilizan la funci\u00f3n de \"autorregistro de tarjeta de identificaci\u00f3n\"."}], "lastModified": "2024-09-20T13:53:31.657", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rfideas:micard_plus_ci_firmware:0.1.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF183E5B-D277-422A-AEC8-3FA8253BEFDA"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rfideas:micard_plus_ci:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "34DA9EB3-51BA-4F27-83CF-25B1A4061C6E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:rfideas:micard_plus_ble_firmware:0.1.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D897A1C4-F336-49A2-B805-F6CFA20234A1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:rfideas:micard_plus_ble:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0D784B14-21AE-4BF0-A1AF-3E43E85E7F79"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3"}