Vulnerabilities > CVE-2024-22388 - Insecure Default Initialization of Resource vulnerability in Hidglobal products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

hidglobal

CWE-1188

NVD

Published: 2024-02-06

Updated: 2024-10-17

Summary

Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys.

Vulnerable Configurations

Part	Description	Count
OS	Hidglobal Hidglobal Iclass SE Cp1000 Encoder Firmware * Hidglobal Iclass SE Readers Firmware * Hidglobal Iclass SE Reader Modules Firmware * Hidglobal Iclass SE Processors Firmware * Hidglobal Omnikey 5427Ck Firmware * Hidglobal Omnikey 5127Ck Firmware * Hidglobal Omnikey 5023 Firmware * Hidglobal Omnikey 5027 Firmware *	8
Hardware	Hidglobal Hidglobal Iclass SE Cp1000 Encoder - Hidglobal Iclass SE Readers - Hidglobal Iclass SE Reader Modules - Hidglobal Iclass SE Processors - Hidglobal Omnikey 5427Ck - Hidglobal Omnikey 5127Ck - Hidglobal Omnikey 5023 - Hidglobal Omnikey 5027 -	8

Common Weakness Enumeration (CWE)

CWE-1188 - Insecure Default Initialization of Resource

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References