Vulnerability Description
The web interface of the PAC Device allows the device administrator user profile to store malicious scripts in some fields. The stored malicious script is then executed when the GUI is opened by any users of the webserver administration interface. The root cause of the vulnerability is inadequate input validation and output encoding in the web administration interface component of the firmware. This could lead to unauthorized access and data leakage
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Idemia | Sgima Lite \& Lite\+ Firmware | All versions |
| Idemia | Sgima Lite \& Lite\+ | - |
| Idemia | Sigma Wide Firmware | All versions |
| Idemia | Sigma Wide | - |
| Idemia | Sigma Extreme Firmware | All versions |
| Idemia | Sigma Extreme | - |
| Idemia | Morphowave Compact Firmware | All versions |
| Idemia | Morphowave Compact | - |
| Idemia | Morphowave Sp Firmware | All versions |
| Idemia | Morphowave Sp | - |
| Idemia | Visionpass Firmware | All versions |
| Idemia | Visionpass | - |
Related Weaknesses (CWE)
References
- https://www.idemia.com/vulnerability-informationVendor Advisory
- https://www.idemia.com/vulnerability-informationVendor Advisory
FAQ
What is CVE-2023-4667?
CVE-2023-4667 is a vulnerability with a CVSS score of 8.1 (HIGH). The web interface of the PAC Device allows the device administrator user profile to store malicious scripts in some fields. The stored malicious script is then executed when the GUI is opened by any ...
How severe is CVE-2023-4667?
CVE-2023-4667 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-4667?
Check the references section above for vendor advisories and patch information. Affected products include: Idemia Sgima Lite \& Lite\+ Firmware, Idemia Sgima Lite \& Lite\+, Idemia Sigma Wide Firmware, Idemia Sigma Wide, Idemia Sigma Extreme Firmware.