A buffer overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices before 4.9.4, and MA VP MD devices before 4.9.7 allows remote attackers to achieve code execution, denial of service, and information disclosure via TCP/IP packets.
References
Link | Resource |
---|---|
https://biometricdevices.idemia.com/s/global-search/0696700000JJa0zAAD?sharing=true | Patch Vendor Advisory |
https://biometricdevices.idemia.com/s/global-search/0696700000JJa1nAAD?sharing=true | Patch Vendor Advisory |
https://www.idemia.com | Product |
History
09 Aug 2021, 16:57
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://biometricdevices.idemia.com/s/global-search/0696700000JJa1nAAD?sharing=true - Patch, Vendor Advisory | |
References | (MISC) https://www.idemia.com - Product | |
References | (MISC) https://biometricdevices.idemia.com/s/global-search/0696700000JJa0zAAD?sharing=true - Patch, Vendor Advisory | |
CPE | cpe:2.3:o:idemia:morphowave_compact_mdpi-m_firmware:*:*:*:*:*:*:*:* cpe:2.3:o:idemia:visionpass_mdpi-m_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:idemia:ma_vp_md:4.9.7:*:*:*:*:*:*:* cpe:2.3:o:idemia:sigma_lite\+_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:idemia:sigma_wide:4.9.4:*:*:*:*:*:*:* cpe:2.3:h:idemia:sigma_extreme:4.9.4:*:*:*:*:*:*:* cpe:2.3:h:idemia:morphowave_compact_md:2.6.2:*:*:*:*:*:*:* cpe:2.3:h:idemia:visionpass_mdpi:-:*:*:*:*:*:*:* cpe:2.3:o:idemia:morphowave_compact_md_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:idemia:visionpass_md_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:idemia:visionpass_mdpi-m:-:*:*:*:*:*:*:* cpe:2.3:h:idemia:morphowave_compact_mdpi:-:*:*:*:*:*:*:* cpe:2.3:o:idemia:ma_vp_md_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:idemia:sigma_lite:4.9.4:*:*:*:*:*:*:* cpe:2.3:o:idemia:sigma_extreme_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:idemia:sigma_lite_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:idemia:morphowave_compact_mdpi-m:-:*:*:*:*:*:*:* cpe:2.3:o:idemia:morphowave_compact_mdpi_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:idemia:sigma_lite\+:4.9.4:*:*:*:*:*:*:* cpe:2.3:o:idemia:visionpass_mdpi_firmware:*:*:*:*:*:*:*:* cpe:2.3:h:idemia:visionpass_md:2.6.2:*:*:*:*:*:*:* cpe:2.3:o:idemia:sigma_wide_firmware:-:*:*:*:*:*:*:* | |
CWE | CWE-787 | |
CVSS | v2 : v3 : | v2 : 9.0 v3 : 9.8 |
22 Jul 2021, 12:20
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-07-22 12:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-35522
Mitre link : CVE-2021-35522
CVE.ORG link : CVE-2021-35522
Products Affected
idemia
- visionpass_mdpi-m
- visionpass_mdpi
- morphowave_compact_mdpi_firmware
- sigma_lite_firmware
- ma_vp_md_firmware
- visionpass_md
- sigma_wide
- morphowave_compact_md
- sigma_extreme
- morphowave_compact_mdpi-m_firmware
- ma_vp_md
- sigma_lite\+_firmware
- visionpass_mdpi-m_firmware
- sigma_lite
- sigma_extreme_firmware
- sigma_wide_firmware
- sigma_lite\+
- morphowave_compact_mdpi-m
- visionpass_mdpi_firmware
- visionpass_md_firmware
- morphowave_compact_md_firmware
- morphowave_compact_mdpi
CWE
CWE-787
Out-of-bounds Write