CVE-2024-29941
8
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Summary
Insecure storage of the ICT MIFARE and DESFire encryption keys in the firmware binary allows malicious actors to create credentials for any site code and card number that is using the default ICT encryption.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Integrated Control Technology | TSEC | 0 | affected |
Weaknesses
Workarounds
Use custom keysets unique to customer sites to prevent cards being created by third parties using exploited publicly available default keysets
Setup two-factor authentication (2FA) on all doors where PIN readers are installed to mitigate the risk of using credentials with publicly available default keysets
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.