CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-6482

Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker, who has physical access to the sensor, to enroll a fingerprint into the template database.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 22.8%

CVSS Severity

CVSS v3 Score 5.2

References

https://www.synaptics.com/sites/default/files/2024-01/fingerprint-driver-encryption-key-security-brief-2024-01-26.pdf
https://www.synaptics.com/sites/default/files/2024-01/fingerprint-driver-encryption-key-security-brief-2024-01-26.pdf

Products affected by CVE-2023-6482

Synaptics » Fingerprint Driver » Version: 6.0.00.1111

cpe:2.3:a:synaptics:fingerprint_driver:6.0.00.1111

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-6482

Products

Pricing

Contact Us