CVE-2023-0248

Published Dec 14, 2023

Last updated 6 months ago

CVSS high 7.5

Overview

Description: An attacker with physical access to the Kantech Gen1 ioSmart card reader with firmware version prior to 1.07.02 in certain circumstances can recover the reader's communication memory between the card and reader.
Source: productsecurity@jci.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.3
Impact score: 3.6
Exploitability score: 1.6
Vector string: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

productsecurity@jci.com: CWE-200
nvd@nist.gov: CWE-401

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:johnsoncontrols:iosmart_gen_1_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2EAD2797-79E8-4ED4-87EC-914F08698414",
            "versionEndExcluding": "1.07.02"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:johnsoncontrols:iosmart_gen_1:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1FC9CD38-BBD7-4AB8-A7E1-87246BCD7812"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References