{
"data_version": "4.0",
"data_type": "CVE",
"data_format": "MITRE",
"CVE_data_meta": {
"ID": "CVE-2024-29941",
"ASSIGNER": "security-disclosures@ict.co",
"STATE": "PUBLIC"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmware\nbinary allows malicious actors to create credentials for any site code and card number that is using the default\nICT encryption.\n\n"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "Integrated Control Technology",
"product": {
"product_data": [
{
"product_name": "TSEC",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "0"
}
]
}
}
]
}
}
]
}
},
"references": {
"reference_data": [
{
"url": "https://ict.co/media/1xdhaugi/credential-cloning.pdf",
"refsource": "MISC",
"name": "https://ict.co/media/1xdhaugi/credential-cloning.pdf"
}
]
},
"generator": {
"engine": "Vulnogram 0.1.0-dev"
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "<ul><li>\n\nUse custom keysets unique to customer sites\nto prevent cards being created by third parties\nusing exploited publicly available default keysets\n\n</li><li>\n\nSetup two-factor authentication (2FA) on all doors where PIN\nreaders are installed to mitigate the risk of using\ncredentials with publicly available default keysets\n\n<br></li></ul>"
}
],
"value": " * \n\nUse custom keysets unique to customer sites\nto prevent cards being created by third parties\nusing exploited publicly available default keysets\n\n * \n\nSetup two-factor authentication (2FA) on all doors where PIN\nreaders are installed to mitigate the risk of using\ncredentials with publicly available default keysets\n\n"
}
],
"credits": [
{
"lang": "en",
"value": "Thomas Hobson"
}
]
} |