Firmware Integrity Vulnerability in SiPass Integrated Access Control Systems
CVE-2022-31807

8.2 HIGH

What is CVE-2022-31807?

A vulnerability exists in SiPass integrated access control systems, specifically in the AC5102 and ACC-AP devices, where the integrity checks for firmware updates are insufficient. This oversight may permit a local attacker to upload malicious firmware directly to the device. Additionally, it creates a potential risk where a remote attacker could intercept firmware updates during transmission, allowing them to modify legitimate firmware before installation. This flaw underscores the importance of robust firmware validation measures to prevent unauthorized access and ensure system integrity.

Affected Version(s)

SiPass integrated AC5102 (ACC-G2) 0

SiPass integrated ACC-AP 0

CVSS V4

Score: 8.2
Severity: HIGH
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
