CVE-2023-0248
CVSS 3.1 Score 5.3 of 10 (medium)
Confidentiality high
Attack Complexity high
Integrity none
Availability none
Scope unchanged
Privileges Required none
Details
Published Dec 14, 2023
Updated: Dec 21, 2023
CWE ID 200
CWE ID 401
Summary
CVE-2023-0248 is a vulnerability affecting Kantech Gen1 ioSmart card readers with firmware versions prior to 1.07.02. An attacker with physical access to the reader can exploit this issue and recover the communication memory between the card and reader in certain circumstances. This memory may contain sensitive information, such as previously used access cards or their encryption keys, posing a risk to security. Users are advised to update their readers to the latest firmware version to mitigate this issue.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share