Lucene search

[email protected]CVE-2021-35521

HistoryJul 22, 2021 - 12:15 p.m.

CVE-2021-35521

2021-07-2212:15:08

CWE-22

[email protected]

web.nvd.nist.gov

idemia

morpho wave compact

visionpass

cve-2021-35521

security vulnerability

path traversal

denial of service

information disclosure

nvd

4.9 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

5.6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.9%

JSON

A path traversal in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows remote authenticated attackers to achieve denial of services and information disclosure via TCP/IP packets.

Affected configurations

NVD

Node

idemiamorphowave_compact_mdpi_firmwareRange<2.6.2

AND

idemiamorphowave_compact_mdpiMatch-

Node

idemiamorphowave_compact_mdpi-m_firmwareRange<2.6.2

AND

idemiamorphowave_compact_mdpi-mMatch-

Node

idemiavisionpass_mdpi_firmwareRange<2.6.2

AND

idemiavisionpass_mdpiMatch-

Node

idemiavisionpass_mdpi-m_firmwareRange<2.6.2

AND

idemiavisionpass_mdpi-mMatch-

Node

idemiavisionpass_mdMatch2.6.2

AND

idemiavisionpass_md_firmwareMatch-

Node

idemiamorphowave_compact_mdMatch2.6.2

AND

idemiamorphowave_compact_md_firmwareMatch-

CPENameOperatorVersion
idemia:morphowave_compact_mdpi_firmwareidemia morphowave compact mdpi firmwarelt2.6.2

CPE	Name	Operator	Version
idemia:morphowave_compact_mdpi_firmware	idemia morphowave compact mdpi firmware	lt	2.6.2

References

biometricdevices.idemia.com/s/global-search/0696700000JJa0zAAD?sharing=true

biometricdevices.idemia.com/s/global-search/0696700000JJa1nAAD?sharing=true

www.idemia.com

Social References

4.9 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

5.6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.9%

JSON

Related for CVE-2021-35521

nvd1 prion1 cvelist1