A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows physically proximate authenticated attackers to achieve code execution, denial of service, and information disclosure via serial ports.
References
Link | Resource |
---|---|
https://biometricdevices.idemia.com/s/global-search/0696700000JJa0zAAD?sharing=true | Patch Vendor Advisory |
https://biometricdevices.idemia.com/s/global-search/0696700000JJa1nAAD?sharing=true | Patch Vendor Advisory |
https://www.idemia.com | Product |
History
06 Aug 2021, 13:37
Type | Values Removed | Values Added |
---|---|---|
CVSS | | v2 : 4.6; v3 : 6.2 |
CWE | | CWE-787 |
References | | (MISC) https://biometricdevices.idemia.com/s/global-search/0696700000JJa1nAAD?sharing=true - Patch, Vendor Advisory |
References | | (MISC) https://www.idemia.com - Product |
References | | (MISC) https://biometricdevices.idemia.com/s/global-search/0696700000JJa0zAAD?sharing=true - Patch, Vendor Advisory |
CPE | | cpe:2.3:o:idemia:morphowave_compact_mdpi-m_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:idemia:visionpass_mdpi-m_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:idemia:morphowave_compact_mdpi-m:-:*:*:*:*:*:*:* cpe:2.3:o:idemia:morphowave_compact_mdpi_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:idemia:visionpass_mdpi:-:*:*:*:*:*:*:* cpe:2.3:h:idemia:visionpass_mdpi-m:-:*:*:*:*:*:*:* cpe:2.3:o:idemia:visionpass_mdpi_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:idemia:morphowave_compact_mdpi:-:*:*:*:*:*:*:* |
22 Jul 2021, 12:20
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-07-22 12:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-35520
Mitre link : CVE-2021-35520
CVE.ORG link : CVE-2021-35520
Products Affected
idemia
- morphowave_compact_mdpi
- visionpass_mdpi-m
- visionpass_mdpi_firmware
- morphowave_compact_mdpi-m
- visionpass_mdpi-m_firmware
- morphowave_compact_mdpi-m_firmware
- morphowave_compact_mdpi_firmware
- visionpass_mdpi
CWE
CWE-787
Out-of-bounds Write