Vulnerability Details CVE-2021-35522
A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices before 4.9.4, and MA VP MD devices before 4.9.7 allows remote attackers to achieve code execution, denial of services, and information disclosure via TCP/IP packets.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.034
EPSS Ranking 86.9%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 9.0
References
- https://biometricdevices.idemia.com/s/global-search/0696700000JJa0zAAD?sharing=true
- https://biometricdevices.idemia.com/s/global-search/0696700000JJa1nAAD?sharing=true
- https://www.idemia.com
- https://biometricdevices.idemia.com/s/global-search/0696700000JJa0zAAD?sharing=true
- https://biometricdevices.idemia.com/s/global-search/0696700000JJa1nAAD?sharing=true
- https://www.idemia.com
Products affected by CVE-2021-35522
-
cpe:2.3:h:idemia:ma_vp_md:4.9.7
-
cpe:2.3:h:idemia:morphowave_compact_md:2.6.2
-
cpe:2.3:h:idemia:morphowave_compact_mdpi-m:-
-
cpe:2.3:h:idemia:morphowave_compact_mdpi:-
-
cpe:2.3:h:idemia:sigma_extreme:4.9.4
-
cpe:2.3:h:idemia:sigma_lite+:4.9.4
-
cpe:2.3:h:idemia:sigma_lite:4.9.4
-
cpe:2.3:h:idemia:sigma_wide:4.9.4
-
cpe:2.3:h:idemia:visionpass_md:2.6.2
-
cpe:2.3:h:idemia:visionpass_mdpi-m:-
-
cpe:2.3:h:idemia:visionpass_mdpi:-
-
cpe:2.3:o:idemia:ma_vp_md_firmware:-
-
cpe:2.3:o:idemia:morphowave_compact_md_firmware:-
-
cpe:2.3:o:idemia:morphowave_compact_mdpi-m_firmware:*
-
cpe:2.3:o:idemia:morphowave_compact_mdpi_firmware:*
-
cpe:2.3:o:idemia:sigma_extreme_firmware:-
-
cpe:2.3:o:idemia:sigma_lite+_firmware:-
-
cpe:2.3:o:idemia:sigma_lite_firmware:-
-
cpe:2.3:o:idemia:sigma_wide_firmware:-
-
cpe:2.3:o:idemia:visionpass_md_firmware:-
-
cpe:2.3:o:idemia:visionpass_mdpi-m_firmware:*
-
cpe:2.3:o:idemia:visionpass_mdpi_firmware:*