Incorrect Access Control in YubiKey 5 Series, Security Key Series, YubiKey Bio Series, and YubiKey 5 FIPS
CVE-2024-35311

3.3LOW

Key Information:

Vendor: Yubico
Vendor: CVE Published:; 29 May 2024

What is CVE-2024-35311?

An access control vulnerability has been identified in multiple Yubico products, including the YubiKey 5 Series, Security Key Series, YubiKey Bio Series, and YubiKey 5 FIPS. Versions prior to certain updates are affected, potentially allowing unauthorized access to secure functions. This issue underscores the importance of keeping biometric and authentication devices updated to safeguard sensitive information effectively. For further details, visit Yubico's official security advisory.

References

https://www.yubico.com/support/security-advisories/ysa-20...

CVSS V3.1

Score:

3.3

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 29, 2024