The dormakaba Saflok system before the November 2023 software update allows an attacker to unlock arbitrary doors at a property via forged keycards, if the attacker has obtained one active or expired keycard for the specific property, aka the "Unsaflok" issue. This occurs, in part, because the key derivation function relies only on a UID. This affects, for example, Saflok MT, and the Confidant, Quantum, RT, and Saffire series.
Metrics
Affected Vendors & Products
References
History
Sat, 19 Oct 2024 23:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Dormakaba
Dormakaba confidant Firmware Dormakaba quantum Firmware Dormakaba saffire Firmware Dormakaba saflok Mt Firmware Dormakaba saflok Rt Firmware |
|
CPEs | cpe:2.3:o:dormakaba:confidant_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dormakaba:quantum_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dormakaba:saffire_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dormakaba:saflok_mt_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:dormakaba:saflok_rt_firmware:*:*:*:*:*:*:*:* |
|
Vendors & Products |
Dormakaba
Dormakaba confidant Firmware Dormakaba quantum Firmware Dormakaba saffire Firmware Dormakaba saflok Mt Firmware Dormakaba saflok Rt Firmware |
|
References |
| |
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-03-21T00:00:00
Updated: 2024-10-19T22:56:01.256760
Reserved: 2024-03-21T00:00:00
Link: CVE-2024-29916
Vulnrichment
Updated: 2024-08-02T01:17:58.598Z
NVD
Status : Awaiting Analysis
Published: 2024-03-21T17:15:09.897
Modified: 2024-11-21T09:08:36.687
Link: CVE-2024-29916
Redhat
No data.