PT-2024-23138 · Dormakaba · Rt Series+5
Ian Carroll
+1
·
Published
2024-03-21
·
Updated
2024-10-19
·
CVE-2024-29916
CVSS v3.1
5.6
Medium
| Vector | AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
dormakaba Saflok system versions prior to November 2023 software update
Saflok MT versions prior to November 2023 software update
Confidant series versions prior to November 2023 software update
Quantum series versions prior to November 2023 software update
RT series versions prior to November 2023 software update
Saffire series versions prior to November 2023 software update
Description
The issue allows an attacker to unlock arbitrary doors at a property via forged keycards, if the attacker has obtained one active or expired keycard for the specific property. This occurs because the key derivation function relies only on a
UID.Recommendations
For dormakaba Saflok system versions prior to November 2023 software update, update to the November 2023 software update or later.
For Saflok MT versions prior to November 2023 software update, update to the November 2023 software update or later.
For Confidant series versions prior to November 2023 software update, update to the November 2023 software update or later.
For Quantum series versions prior to November 2023 software update, update to the November 2023 software update or later.
For RT series versions prior to November 2023 software update, update to the November 2023 software update or later.
For Saffire series versions prior to November 2023 software update, update to the November 2023 software update or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Confidant Series
Quantum Series
Rt Series
Saffire Series
Saflok Mt
Dormakaba Saflok System