CVE-2024-58311: CWE-1245: Improper Finite State Machines (FSMs) in Hardware Logic in dormakaba Dormakaba Saflok System 6000
Dormakaba Saflok System 6000 contains a predictable key generation algorithm that allows attackers to derive card access keys from a 32-bit unique identifier. Attackers can exploit the deterministic key generation process by calculating valid access keys using a simple mathematical transformation of the card's unique identifier.
AI-Powered Analysis (machine-generated threat intelligence)
Technical Summary
CVE-2024-58311 affects the Dormakaba Saflok System 6000 due to an improper finite state machine implementation in its hardware logic, specifically a predictable key generation algorithm. The system uses a 32-bit unique identifier to generate card access keys deterministically, enabling attackers to derive valid keys by applying a straightforward mathematical transformation to the identifier. This flaw compromises the confidentiality and integrity of the access control mechanism, potentially allowing unauthorized physical access. The vulnerability has a high CVSS 4.0 score of 8.7, reflecting its severity and ease of exploitation without privileges or user interaction. No patch or vendor advisory is currently available, and the affected product versions are unknown.
Potential Impact
The vulnerability allows attackers to derive valid access keys from a card's unique identifier, potentially enabling unauthorized physical access to secured areas controlled by the Dormakaba Saflok System 6000. This compromises the security of the access control system, impacting confidentiality and physical security. There are no known exploits in the wild at this time.
Mitigation Recommendations
Patch status is not yet confirmed; check for a vendor advisory for current remediation guidance. Since no patch or official fix is currently available, organizations using the Dormakaba Saflok System 6000 should monitor vendor communications for updates. Until a fix is provided, consider additional physical security controls or alternative access mechanisms to mitigate the risk.
Technical Details
- Data Version: 5.2
- Assigner Short Name: VulnCheck
- Date Reserved: 2025-12-11T11:49:20.720Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 693c7642a3f11564d0d3b88e
Added to database: 12/12/2025, 8:08:34 PM
Last enriched: 4/7/2026, 10:55:22 PM
Last updated: 5/10/2026, 6:59:21 AM