CVE-2021-35521

 

Severity Score: 5.9 (CVSS v3.1)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)

Descriptions

A path traversal in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2 allows remote authenticated attackers to achieve denial of services and information disclosure via TCP/IP packets.

*Credits: N/A
CVSS Scores
CVSS v3.1
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: None
CVSS v2
  • Attack Vector: Network
  • Attack Complexity: Medium
  • Authentication: Single
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: None
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2021-06-28 CVE Reserved
  • 2021-07-22 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
Idemia | Morphowave Compact Mdpi Firmware | < 2.6.2 | - | Affected
  in Idemia | Morphowave Compact Mdpi | - | - | Safe
Idemia | Morphowave Compact Mdpi-m Firmware | < 2.6.2 | - | Affected
  in Idemia | Morphowave Compact Mdpi-m | - | - | Safe
Idemia | Visionpass Mdpi Firmware | < 2.6.2 | - | Affected
  in Idemia | Visionpass Mdpi | - | - | Safe
Idemia | Visionpass Mdpi-m Firmware | < 2.6.2 | - | Affected
  in Idemia | Visionpass Mdpi-m | - | - | Safe
Idemia | Visionpass Md Firmware | - | - | Affected
  in Idemia | Visionpass Md | 2.6.2 | - | Safe
Idemia | Morphowave Compact Md Firmware | - | - | Affected
  in Idemia | Morphowave Compact Md | 2.6.2 | - | Safe