Intel® RealSense™ ID Solution F450 Advisory

Summary:

A potential security vulnerability in the Intel® RealSense™ ID Solution F450 may allow escalation of privilege. Intel is releasing firmware updates to mitigate this potential vulnerability.

Vulnerability Details:

CVEID: CVE-2021-33130

Description: Insecure default variable initialization of Intel® RealSense™ ID Solution F450 before version 2.6.0.74 may allow an unauthenticated user to potentially enable information disclosure via physical access.

CVSS Base Score: 4.8 Medium

CVSS Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N****

Affected Products:

Intel® RealSense™ ID Solution F450 before version 2.6.0.74.

Recommendations:

Intel recommends updating the Intel® RealSense™ ID Solution F450 to version 2.6.0.74 or later.

Updates are available for download at this location: <https://github.com/IntelRealSense/RealSenseID/releases/tag/v0.17.1&gt;

Acknowledgements:

The following issue was found internally by Intel employees. Intel would like to thank Julien Lenoir, Kristin Paget, Peter Bosch, John Whiteman, Nael Masalha and William Burton.

Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.