CVE-2024-58311

Summary

Dormakaba Saflok System 6000 contains a predictable key generation algorithm that allows attackers to derive card access keys from a 32-bit unique identifier. Attackers can exploit the deterministic key generation process by calculating valid access keys using a simple mathematical transformation of the card's unique identifier.

Affected Software

VendorProductVersion RangeStatus
dormakabaDormakaba Saflok System 6000Unknownaffected

Weaknesses

  • CWE-1245: CWE-1245: Improper Finite State Machines (FSMs) in Hardware Logic

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

References