CVE-2021-35522

Published: Jul 22, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices before 4.9.4, and MA VP MD devices before 4.9.7 allows remote attackers to achieve code execution, denial of services, and information disclosure via TCP/IP packets.

Affected (11)

Products: Idemia: Morphowave Compact Mdpi Firmware, Morphowave Compact Mdpi M Firmware, Visionpass Mdpi Firmware, Visionpass Mdpi M Firmware, Sigma Lite+ Firmware, Sigma Wide Firmware, Sigma Extreme Firmware, Ma Vp Md Firmware, Visionpass Md Firmware, Morphowave Compact Md Firmware

Idemia

10 products

Morphowave Compact Mdpi Firmware

Morphowave Compact Mdpi M Firmware

Visionpass Mdpi Firmware

Visionpass Mdpi M Firmware

Sigma Lite+ Firmware

Sigma Wide Firmware

Sigma Extreme Firmware

Ma Vp Md Firmware

Visionpass Md Firmware

Morphowave Compact Md Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Idemia Morphowave Compact Mdpi Firmware	Before 2.6.2

Running on/with	Platform Versions
Idemia Morphowave Compact Mdpi	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Idemia Morphowave Compact Mdpi M Firmware	Before 2.6.2

Running on/with	Platform Versions
Idemia Morphowave Compact Mdpi M	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Idemia Visionpass Mdpi Firmware	Before 2.6.2

Running on/with	Platform Versions
Idemia Visionpass Mdpi	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Idemia Visionpass Mdpi M Firmware	Before 2.6.2

Running on/with	Platform Versions
Idemia Visionpass Mdpi M	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Idemia Sigma Lite Firmware	All versions

Running on/with	Platform Versions
Idemia Sigma Lite	Version 4.9.4

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Idemia Sigma Lite+ Firmware	All versions

Running on/with	Platform Versions
Idemia Sigma Lite+	Version 4.9.4

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Idemia Sigma Wide Firmware	All versions

Running on/with	Platform Versions
Idemia Sigma Wide	Version 4.9.4

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Idemia Sigma Extreme Firmware	All versions

Running on/with	Platform Versions
Idemia Sigma Extreme	Version 4.9.4

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Idemia Ma Vp Md Firmware	All versions

Running on/with	Platform Versions
Idemia Ma Vp Md	Version 4.9.7

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Idemia Visionpass Md Firmware	All versions

Running on/with	Platform Versions
Idemia Visionpass Md	Version 2.6.2

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Idemia Morphowave Compact Md Firmware	All versions

Running on/with	Platform Versions
Idemia Morphowave Compact Md	Version 2.6.2

Related CWEs

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (6)

https://biometricdevices.idemia.com/s/global-search/0696700000JJa0zAAD?sharing=true

Source: cve@mitre.org

PatchVendor Advisory

https://biometricdevices.idemia.com/s/global-search/0696700000JJa1nAAD?sharing=true

Source: cve@mitre.org

PatchVendor Advisory

https://www.idemia.com

Source: cve@mitre.org

Product

https://biometricdevices.idemia.com/s/global-search/0696700000JJa0zAAD?sharing=true

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://biometricdevices.idemia.com/s/global-search/0696700000JJa1nAAD?sharing=true

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://www.idemia.com

Source: af854a3a-2127-422b-91ae-364da2661108

Product

Timeline

No history available yet.