CVE-2024-22388

Insecure Default Initialization of Resource in HID Global

CVSS 5.9 MEDIUMEPSS 0.2%CWE-1188

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.9EPSS 0.2%KEV nãoPoC —Patch —

Lifecycle

Feb 06, 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys.

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N

Affected products

HID Global · iCLASS SE CP1000 Encoder HID Global · iCLASS SE Processors HID Global · iCLASS SE Reader Modules HID Global · iCLASS SE Readers HID Global · OMNIKEY 5023 Readers HID Global · OMNIKEY 5027 Readers HID Global · OMNIKEY 5127CK Readers HID Global · OMNIKEY 5427CK Readers

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://support.hidglobal.com/https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-01