CVE-2023-0248

CVSS 3.1 Score 5.3 of 10 (medium)

Confidentiality high
Attack Complexity high
Integrity none
Availability none
Scope unchanged
Privileges Required none

Details

Published Dec 14, 2023
Updated: Dec 21, 2023
CWE ID 200
CWE ID 401

Summary

CVE-2023-0248 is a vulnerability affecting Kantech Gen1 ioSmart card readers with firmware versions prior to 1.07.02. An attacker with physical access to the reader can exploit this issue and recover the communication memory between the card and reader in certain circumstances. This memory may contain sensitive information, such as previously used access cards or their encryption keys, posing a risk to security. Users are advised to update their readers to the latest firmware version to mitigate this issue.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share