Vulnerability Details CVE-2021-35521
A path traversal in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows remote authenticated attackers to achieve denial of services and information disclosure via TCP/IP packets.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.7%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 4.9
References
- https://biometricdevices.idemia.com/s/global-search/0696700000JJa0zAAD?sharing=true
- https://biometricdevices.idemia.com/s/global-search/0696700000JJa1nAAD?sharing=true
- https://www.idemia.com
- https://biometricdevices.idemia.com/s/global-search/0696700000JJa0zAAD?sharing=true
- https://biometricdevices.idemia.com/s/global-search/0696700000JJa1nAAD?sharing=true
- https://www.idemia.com
Products affected by CVE-2021-35521
-
cpe:2.3:h:idemia:morphowave_compact_md:2.6.2
-
cpe:2.3:h:idemia:morphowave_compact_mdpi-m:-
-
cpe:2.3:h:idemia:morphowave_compact_mdpi:-
-
cpe:2.3:h:idemia:visionpass_md:2.6.2
-
cpe:2.3:h:idemia:visionpass_mdpi-m:-
-
cpe:2.3:h:idemia:visionpass_mdpi:-
-
cpe:2.3:o:idemia:morphowave_compact_md_firmware:-
-
cpe:2.3:o:idemia:morphowave_compact_mdpi-m_firmware:*
-
cpe:2.3:o:idemia:morphowave_compact_mdpi_firmware:*
-
cpe:2.3:o:idemia:visionpass_md_firmware:-
-
cpe:2.3:o:idemia:visionpass_mdpi-m_firmware:*
-
cpe:2.3:o:idemia:visionpass_mdpi_firmware:*