CVE-2021-35521 — MEDIUM (5.9)

Q: How severe is CVE-2021-35521?

CVE-2021-35521 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-35521?

Check the references section above for vendor advisories and patch information. Affected products include: Idemia Morphowave Compact Mdpi Firmware, Idemia Morphowave Compact Mdpi, Idemia Morphowave Compact Mdpi-M Firmware, Idemia Morphowave Compact Mdpi-M, Idemia Visionpass Mdpi Firmware.

Vulnerability Description

A path traversal in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows remote authenticated attackers to achieve denial of services and information disclosure via TCP/IP packets.

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Idemia	Morphowave Compact Mdpi Firmware	< 2.6.2
Idemia	Morphowave Compact Mdpi	-
Idemia	Morphowave Compact Mdpi-M Firmware	< 2.6.2
Idemia	Morphowave Compact Mdpi-M	-
Idemia	Visionpass Mdpi Firmware	< 2.6.2
Idemia	Visionpass Mdpi	-
Idemia	Visionpass Mdpi-M Firmware	< 2.6.2
Idemia	Visionpass Mdpi-M	-
Idemia	Visionpass Md Firmware	-
Idemia	Visionpass Md	2.6.2
Idemia	Morphowave Compact Md Firmware	-
Idemia	Morphowave Compact Md	2.6.2

Related Weaknesses (CWE)

CWE-22

References

https://biometricdevices.idemia.com/s/global-search/0696700000JJa0zAAD?sharing=tPatchVendor Advisory
https://biometricdevices.idemia.com/s/global-search/0696700000JJa1nAAD?sharing=tPatchVendor Advisory
https://www.idemia.comProduct
https://biometricdevices.idemia.com/s/global-search/0696700000JJa0zAAD?sharing=tPatchVendor Advisory
https://biometricdevices.idemia.com/s/global-search/0696700000JJa1nAAD?sharing=tPatchVendor Advisory
https://www.idemia.comProduct

FAQ

What is CVE-2021-35521?

CVE-2021-35521 is a vulnerability with a CVSS score of 5.9 (MEDIUM). A path traversal in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows remote authenticated attackers to achieve denial of services and information disclo...

How severe is CVE-2021-35521?

CVE-2021-35521 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-35521?

Check the references section above for vendor advisories and patch information. Affected products include: Idemia Morphowave Compact Mdpi Firmware, Idemia Morphowave Compact Mdpi, Idemia Morphowave Compact Mdpi-M Firmware, Idemia Morphowave Compact Mdpi-M, Idemia Visionpass Mdpi Firmware.