Vulnerability Description
A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows physically proximate authenticated attackers to achieve code execution, denial of services, and information disclosure via serial ports.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Idemia | Morphowave Compact Mdpi Firmware | < 2.6.2 |
| Idemia | Morphowave Compact Mdpi | - |
| Idemia | Morphowave Compact Mdpi-M Firmware | < 2.6.2 |
| Idemia | Morphowave Compact Mdpi-M | - |
| Idemia | Visionpass Mdpi Firmware | < 2.6.2 |
| Idemia | Visionpass Mdpi | - |
| Idemia | Visionpass Mdpi-M Firmware | < 2.6.2 |
| Idemia | Visionpass Mdpi-M | - |
Related Weaknesses (CWE)
References
- https://biometricdevices.idemia.com/s/global-search/0696700000JJa0zAAD?sharing=tPatchVendor Advisory
- https://biometricdevices.idemia.com/s/global-search/0696700000JJa1nAAD?sharing=tPatchVendor Advisory
- https://www.idemia.comProduct
- https://biometricdevices.idemia.com/s/global-search/0696700000JJa0zAAD?sharing=tPatchVendor Advisory
- https://biometricdevices.idemia.com/s/global-search/0696700000JJa1nAAD?sharing=tPatchVendor Advisory
- https://www.idemia.comProduct
FAQ
What is CVE-2021-35520?
CVE-2021-35520 is a vulnerability with a CVSS score of 6.2 (MEDIUM). A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows physically proximate authenticated attackers to achieve code execution, denial of ...
How severe is CVE-2021-35520?
CVE-2021-35520 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-35520?
Check the references section above for vendor advisories and patch information. Affected products include: Idemia Morphowave Compact Mdpi Firmware, Idemia Morphowave Compact Mdpi, Idemia Morphowave Compact Mdpi-M Firmware, Idemia Morphowave Compact Mdpi-M, Idemia Visionpass Mdpi Firmware.