CVE-2023-33371

9.8 CRITICAL

📋 TL;DR

This vulnerability allows attackers to forge valid JWT session tokens using a hardcoded cryptographic key, enabling authentication bypass in Control ID IDSecure access control systems. Organizations using IDSecure 4.7.26.0 or earlier are affected, and a forged token can potentially give unauthorized access to physical security systems.

💻 Affected Systems

Products:
  • Control ID IDSecure
Versions: 4.7.26.0 and prior
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations using default JWT token signing are vulnerable. The hardcoded key cannot be changed without patching.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of physical access control systems allowing unauthorized entry to secure facilities, manipulation of door controls, and disabling of security monitoring.

🟠 Likely Case

Unauthorized access to IDSecure web interface leading to privilege escalation, user impersonation, and potential physical security breaches.

🟢 If Mitigated

Limited impact if network segmentation prevents external access and strong authentication controls are in place beyond JWT tokens.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires obtaining the hardcoded key (potentially from decompiled software) and basic JWT manipulation skills. No authentication needed to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.7.27.0 or later

Vendor Advisory: https://www.controlid.com.br/en/access-control/idsecure/

Restart Required: Yes

Instructions:

1. Download the latest version from the Control ID website.
2. Back up the current installation.
3. Run the installer to upgrade.
4. Restart the IDSecure service.
5. Verify the new version is running.

🔧 Temporary Workarounds

Network Segmentation (all platforms)

Isolate IDSecure systems from untrusted networks and internet access.

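Access Control Lists (Windows)

Restrict network access to the IDSecure web interface using firewall rules. As written, the rule below uses remoteip=any, so it blocks every inbound connection to TCP ports 80 and 443, including connections from internal administrators; set remoteip to the untrusted address ranges if the interface must stay reachable from trusted hosts.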

netsh advfirewall firewall add rule name="Block IDSecure External" dir=in action=block protocol=TCP localport=80,443 remoteip=any

🧯 If You Can't Patch

  • Implement network segmentation to isolate IDSecure from untrusted networks
  • Deploy web application firewall with JWT validation rules

🔍 How to Verify

Check if Vulnerable:

Check IDSecure version in web interface or installation directory. Versions 4.7.26.0 or earlier are vulnerable.

Check Version:

Check web interface login page or %PROGRAMFILES%\Control ID\IDSecure\version.txt

Verify Fix Applied:

Verify version is 4.7.27.0 or later. Test authentication with new tokens to ensure they validate properly.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts followed by successful authentication with unusual user agents
  • Authentication logs showing token validation failures or unusual token patterns

Network Indicators:

  • Unusual source IPs accessing IDSecure web interface
  • Traffic patterns indicating JWT token manipulation attempts

SIEM Query:

source="idsecure" AND (event_type="authentication" AND result="success") | stats count by src_ip user | where count > threshold
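
The first log indicator above, as an added example (not Control ID code or a vendor tool): a Python pass over constructed log lines that flags a successful authentication preceded by repeated failures from the same source and arriving with a user agent outside an assumed baseline. The key=value log layout, the user_agent field, the threshold, the window and the baseline are assumptions; src_ip, user, event_type and result follow the SIEM query above.

```python
import shlex
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines; layout and user_agent field are assumptions.
SAMPLE_LOG = """\
2023-06-01T09:10:00 src_ip=10.0.0.7 user=bob event_type=authentication result=failure user_agent="Mozilla/5.0 (Windows NT 10.0)"
2023-06-01T09:10:20 src_ip=10.0.0.7 user=bob event_type=authentication result=failure user_agent="Mozilla/5.0 (Windows NT 10.0)"
2023-06-01T09:10:40 src_ip=10.0.0.7 user=bob event_type=authentication result=failure user_agent="Mozilla/5.0 (Windows NT 10.0)"
2023-06-01T09:11:00 src_ip=10.0.0.7 user=bob event_type=authentication result=success user_agent="Mozilla/5.0 (Windows NT 10.0)"
2023-06-01T09:30:00 src_ip=203.0.113.8 user=admin event_type=authentication result=failure user_agent=python-requests/2.31.0
2023-06-01T09:30:05 src_ip=203.0.113.8 user=admin event_type=authentication result=failure user_agent=python-requests/2.31.0
2023-06-01T09:30:10 src_ip=203.0.113.8 user=admin event_type=authentication result=failure user_agent=python-requests/2.31.0
2023-06-01T09:30:30 src_ip=203.0.113.8 user=admin event_type=authentication result=success user_agent=python-requests/2.31.0
2023-06-01T10:00:00 src_ip=198.51.100.4 user=carol event_type=authentication result=failure user_agent=curl/8.0
2023-06-01T10:20:00 src_ip=198.51.100.4 user=carol event_type=authentication result=failure user_agent=curl/8.0
2023-06-01T10:40:00 src_ip=198.51.100.4 user=carol event_type=authentication result=failure user_agent=curl/8.0
2023-06-01T11:00:00 src_ip=198.51.100.4 user=carol event_type=authentication result=success user_agent=curl/8.0
"""

KNOWN_AGENT_PREFIXES = ("Mozilla/",)  # assumed baseline of expected clients
FAIL_THRESHOLD = 3                    # assumed; tune per site
WINDOW = timedelta(minutes=10)        # assumed look-back for failures

def parse_line(line):
    """Split 'timestamp key=value ...' into a dict; shlex keeps quoted values whole."""
    ts, *pairs = shlex.split(line)
    event = dict(p.split("=", 1) for p in pairs)
    event["ts"] = datetime.fromisoformat(ts)
    return event

def detect(log_text):
    """Flag a success that follows >= FAIL_THRESHOLD failures from one src_ip
    inside WINDOW and carries a user agent outside the baseline."""
    failures, alerts = defaultdict(deque), []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev.get("event_type") != "authentication":
            continue
        recent = failures[ev["src_ip"]]
        while recent and ev["ts"] - recent[0] > WINDOW:
            recent.popleft()          # drop failures older than the window
        if ev["result"] == "failure":
            recent.append(ev["ts"])
        elif ev["result"] == "success":
            agent = ev.get("user_agent", "")
            if len(recent) >= FAIL_THRESHOLD and not agent.startswith(KNOWN_AGENT_PREFIXES):
                alerts.append((ev["src_ip"], ev["user"], agent))
            recent.clear()            # a success resets the failure streak
    return alerts
```

Lines are expected in chronological order; on the sample only the 203.0.113.8 sequence is reported, since the browser login and the failures spread over an hour fall outside the rule.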
