CVE-2024-29941

{"id": "CVE-2024-29941", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 2.5}]}, "published": "2024-05-06T23:15:06.527", "references": [{"url": "https://ict.co/media/1xdhaugi/credential-cloning.pdf", "source": "56c94bcb-ac34-4d7f-b660-d297a6b7ff82"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-522"}]}], "descriptions": [{"lang": "en", "value": "Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmware\nbinary allows malicious actors to create credentials for any site code and card number that is using the default\nICT encryption.\n\n"}, {"lang": "es", "value": "El almacenamiento inseguro de las claves de cifrado ICT MIFARE y DESFire en el binario del firmware permite a actores malintencionados crear credenciales para cualquier c\u00f3digo de sitio y n\u00famero de tarjeta que utilice el cifrado ICT predeterminado."}], "lastModified": "2024-08-01T13:49:37.723", "sourceIdentifier": "56c94bcb-ac34-4d7f-b660-d297a6b7ff82"}