The web interface of the PAC Device allows the device administrator user profile to store malicious scripts in some fields. The stored malicious script is then executed when the GUI is opened by any users of the webserver administration interface.
The root cause of the vulnerability is inadequate input validation and output encoding in the web administration interface component of the firmware.
This could lead to unauthorized access and data leakage
References
Link | Resource |
---|---|
https://www.idemia.com/vulnerability-information | Vendor Advisory |
https://www.idemia.com/vulnerability-information | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Configuration 7 (hide)
AND |
|
History
21 Nov 2024, 08:35
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.idemia.com/vulnerability-information - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
05 Dec 2023, 18:53
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:idemia:sigma_wide:-:*:*:*:*:*:*:* cpe:2.3:o:idemia:sigma_extreme_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:idemia:morphowave_sp_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:idemia:visionpass_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:idemia:sgima_lite_\&_lite\+_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:idemia:sigma_wide_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:idemia:visionpass:-:*:*:*:*:*:*:* cpe:2.3:h:idemia:morphowave_sp:-:*:*:*:*:*:*:* cpe:2.3:h:idemia:sgima_lite_\&_lite\+:-:*:*:*:*:*:*:* cpe:2.3:h:idemia:morphowave_compact:-:*:*:*:*:*:*:* cpe:2.3:h:idemia:sigma_extreme:-:*:*:*:*:*:*:* cpe:2.3:o:idemia:morphowave_compact_firmware:*:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.8 |
References | () https://www.idemia.com/vulnerability-information - Vendor Advisory | |
First Time |
Idemia sigma Extreme
Idemia morphowave Sp Firmware Idemia visionpass Firmware Idemia sgima Lite \& Lite\+ Firmware Idemia sigma Extreme Firmware Idemia morphowave Compact Firmware Idemia sgima Lite \& Lite\+ Idemia morphowave Sp Idemia Idemia visionpass Idemia sigma Wide Firmware Idemia sigma Wide Idemia morphowave Compact |
|
CWE | CWE-79 |
28 Nov 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-28 09:15
Updated : 2024-11-21 08:35
NVD link : CVE-2023-4667
Mitre link : CVE-2023-4667
CVE.ORG link : CVE-2023-4667
JSON object : View
Products Affected
idemia
- sgima_lite_\&_lite\+
- sigma_wide
- visionpass_firmware
- morphowave_sp
- visionpass
- morphowave_compact
- sgima_lite_\&_lite\+_firmware
- morphowave_sp_firmware
- sigma_extreme_firmware
- sigma_extreme
- sigma_wide_firmware
- morphowave_compact_firmware
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')