Vulnerability Details CVE-2019-13604
There is a short key vulnerability in HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader v24. The key for obfuscating the fingerprint image is vulnerable to brute-force attacks. This allows an attacker to recover the key and decrypt that image using the key. Successful exploitation causes a sensitive biometric information leak.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.6%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 4.3
References
Products affected by CVE-2019-13604
-
cpe:2.3:h:assaabloy:hid_digitalpersona_4500:-
-
cpe:2.3:o:assaabloy:hid_digitalpersona_4500_firmware:24