PT-2021-6031 · Idemia · Idemia Visionpass+3

Published 2021-04-26 · Updated 2021-08-09 · CVE-2021-35522

CVSS v2.0

10 Critical

Vector AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

IDEMIA Morpho Wave Compact versions prior to 2.6.2
IDEMIA VisionPass versions prior to 2.6.2
IDEMIA Sigma devices versions prior to 4.9.4
IDEMIA MA VP MD devices versions prior to 4.9.7

Description

The issue is a buffer overflow in the Thrift command handlers. Remote attackers can exploit it via TCP/IP packets to achieve code execution, denial of service, and information disclosure. This can allow an attacker to gain remote access to the device.

Recommendations

For IDEMIA Morpho Wave Compact versions prior to 2.6.2, update to version 2.6.2 or later.
For IDEMIA VisionPass versions prior to 2.6.2, update to version 2.6.2 or later.
For IDEMIA Sigma devices versions prior to 4.9.4, update to version 4.9.4 or later.
For IDEMIA MA VP MD devices versions prior to 4.9.7, update to version 4.9.7 or later.

Fix

Stack Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2022-00605
CVE-2021-35522

Affected Products

Idemia Ma Vp Md
Idemia Morpho Wave Compact
Idemia Sigma
Idemia Visionpass