PT-2020-9975 · Synaptics · Synaptics Vfs75Xx

Published

2020-07-22

Updated

2020-07-30

CVE-2019-18618

CVSS v3.1

6.0

Medium

Vector

AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Synaptics VFS75xx family fingerprint sensors versions prior to 2019-11-15

Description: The issue concerns incorrect access control in the firmware of Synaptics VFS75xx family fingerprint sensors that include external flash. This allows a local administrator or physical attacker to compromise the confidentiality of sensor data via injection of an unverified partition table.

Recommendations: For Synaptics VFS75xx family fingerprint sensors versions prior to 2019-11-15, ensure that firmware updates are applied to address the incorrect access control issue, as updates after 2019-11-15 should include the necessary fixes. As a temporary workaround, consider restricting physical access to the devices to minimize the risk of exploitation by a physical attacker.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2019-18618

Affected Products

Synaptics Vfs75Xx

PT-2020-9975 · Synaptics · Synaptics Vfs75Xx

CVE-2019-18618

Related Identifiers

Affected Products

References · 7