CVE-2021-35522 — CRITICAL (9.8)

Q: How severe is CVE-2021-35522?

CVE-2021-35522 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2021-35522?

Check the references section above for vendor advisories and patch information. Affected products include: Idemia Morphowave Compact Mdpi Firmware, Idemia Morphowave Compact Mdpi, Idemia Morphowave Compact Mdpi-M Firmware, Idemia Morphowave Compact Mdpi-M, Idemia Visionpass Mdpi Firmware.

Vulnerability Description

A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices before 4.9.4, and MA VP MD devices before 4.9.7 allows remote attackers to achieve code execution, denial of services, and information disclosure via TCP/IP packets.

CVSS Score

9.8

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Idemia	Morphowave Compact Mdpi Firmware	< 2.6.2
Idemia	Morphowave Compact Mdpi	-
Idemia	Morphowave Compact Mdpi-M Firmware	< 2.6.2
Idemia	Morphowave Compact Mdpi-M	-
Idemia	Visionpass Mdpi Firmware	< 2.6.2
Idemia	Visionpass Mdpi	-
Idemia	Visionpass Mdpi-M Firmware	< 2.6.2
Idemia	Visionpass Mdpi-M	-
Idemia	Visionpass Md Firmware	-
Idemia	Visionpass Md	2.6.2
Idemia	Morphowave Compact Md Firmware	-
Idemia	Morphowave Compact Md	2.6.2
Idemia	Sigma Lite Firmware	-
Idemia	Sigma Lite	4.9.4
Idemia	Sigma Lite\+ Firmware	-
Idemia	Sigma Lite\+	4.9.4
Idemia	Sigma Wide Firmware	-
Idemia	Sigma Wide	4.9.4
Idemia	Sigma Extreme Firmware	-
Idemia	Sigma Extreme	4.9.4

Related Weaknesses (CWE)

CWE-787

References

https://biometricdevices.idemia.com/s/global-search/0696700000JJa0zAAD?sharing=tPatchVendor Advisory
https://biometricdevices.idemia.com/s/global-search/0696700000JJa1nAAD?sharing=tPatchVendor Advisory
https://www.idemia.comProduct
https://biometricdevices.idemia.com/s/global-search/0696700000JJa0zAAD?sharing=tPatchVendor Advisory
https://biometricdevices.idemia.com/s/global-search/0696700000JJa1nAAD?sharing=tPatchVendor Advisory
https://www.idemia.comProduct

FAQ

What is CVE-2021-35522?

CVE-2021-35522 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices before 4.9.4, and MA VP MD devices before 4.9.7 allows remote attackers to...

How severe is CVE-2021-35522?

CVE-2021-35522 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-35522?

Check the references section above for vendor advisories and patch information. Affected products include: Idemia Morphowave Compact Mdpi Firmware, Idemia Morphowave Compact Mdpi, Idemia Morphowave Compact Mdpi-M Firmware, Idemia Morphowave Compact Mdpi-M, Idemia Visionpass Mdpi Firmware.