CVE-2023-0248 Vulnerability Details

  /     /     /  

CVE-2023-0248 Metadata Quick Info

CVE Published: 14/12/2023 | CVE Updated: 08/10/2024 | CVE Year: 2023
Source: jci | Vendor: Sensormatic Electronics, a subsidiary of Johnson Controls, Inc. | Product: ioSmart Gen1
Status : PUBLISHED

CVE-2023-0248 Description

An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader\'s communication memory between the card and reader.

Metrics

CVSS Version: 3.1 | Base Score: 7.5 HIGH
Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L

l➤ Exploitability Metrics:
    Attack Vector (AV)* ADJACENT_NETWORK
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* NONE
    User Interaction (UI)* NONE
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* LOW
    Integrity Impact (I)* HIGH
    Availability Impact (A)* LOW

Weakness Enumeration (CWE)

CWE-ID: CWE-200
CWE Name: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
Source: Sensormatic Electronics, a subsidiary of Johnson Controls, Inc.

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-54
CAPEC Description: CAPEC-54 Query System for Information


Source: NVD (National Vulnerability Database).

Last added CVEs

▸ CVE-2024-9999 ◂
Discovered: 12/11/2024
Status: PUBLISHED
▸ CVE-2024-9997 ◂
Discovered: 29/10/2024
Status: PUBLISHED
▸ CVE-2024-9996 ◂
Discovered: 29/10/2024
Status: PUBLISHED



Tags:
CVE-2023-0248 Vulnerability Details