The dormakaba Saflok system before the November 2023 software update allows an attacker to unlock arbitrary doors at a property via forged keycards, if the attacker has obtained one active or expired keycard for the specific property, aka the "Unsaflok" issue. This occurs, in part, because the key derivation function relies only on a UID. This affects, for example, Saflok MT, and the Confidant, Quantum, RT, and Saffire series.
History

Sat, 19 Oct 2024 23:15:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Dormakaba; Dormakaba confidant Firmware; Dormakaba quantum Firmware; Dormakaba saffire Firmware; Dormakaba saflok Mt Firmware; Dormakaba saflok Rt Firmware |
| CPEs | | `cpe:2.3:o:dormakaba:confidant_firmware:*:*:*:*:*:*:*:*`; `cpe:2.3:o:dormakaba:quantum_firmware:*:*:*:*:*:*:*:*`; `cpe:2.3:o:dormakaba:saffire_firmware:*:*:*:*:*:*:*:*`; `cpe:2.3:o:dormakaba:saflok_mt_firmware:*:*:*:*:*:*:*:*`; `cpe:2.3:o:dormakaba:saflok_rt_firmware:*:*:*:*:*:*:*:*` |
| Vendors & Products | | Dormakaba; Dormakaba confidant Firmware; Dormakaba quantum Firmware; Dormakaba saffire Firmware; Dormakaba saflok Mt Firmware; Dormakaba saflok Rt Firmware |
| References | | |
| Metrics | | ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}` |


MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-03-21T00:00:00

Updated: 2024-10-19T22:56:01.256760

Reserved: 2024-03-21T00:00:00

Link: CVE-2024-29916

Vulnrichment

Updated: 2024-08-02T01:17:58.598Z

NVD

Status: Awaiting Analysis

Published: 2024-03-21T17:15:09.897

Modified: 2024-11-21T09:08:36.687

Link: CVE-2024-29916

Redhat

No data.