← Back to CVEs
CVE-2021-35522
CRITICAL9.8
Description
A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices before 4.9.4, and MA VP MD devices before 4.9.7 allows remote attackers to achieve code execution, denial of services, and information disclosure via TCP/IP packets.
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published7/22/2021
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
idemia:ma_vp_mdidemia:ma_vp_md_firmwareidemia:morphowave_compact_mdidemia:morphowave_compact_md_firmwareidemia:morphowave_compact_mdpiidemia:morphowave_compact_mdpi-midemia:morphowave_compact_mdpi-m_firmwareidemia:morphowave_compact_mdpi_firmwareidemia:sigma_extremeidemia:sigma_extreme_firmwareidemia:sigma_liteidemia:sigma_lite\+idemia:sigma_lite\+_firmwareidemia:sigma_lite_firmwareidemia:sigma_wideidemia:sigma_wide_firmwareidemia:visionpass_mdidemia:visionpass_md_firmwareidemia:visionpass_mdpiidemia:visionpass_mdpi-midemia:visionpass_mdpi-m_firmwareidemia:visionpass_mdpi_firmware
Weaknesses (CWE)
CWE-787
References
https://www.idemia.com(cve@mitre.org)
https://biometricdevices.idemia.com/s/global-search/0696700000JJa0zAAD?sharing=true(af854a3a-2127-422b-91ae-364da2661108)
https://biometricdevices.idemia.com/s/global-search/0696700000JJa1nAAD?sharing=true(af854a3a-2127-422b-91ae-364da2661108)
https://www.idemia.com(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.