CVE-2021-35522

 

Severity Score: 9.8 (CVSS v3.1)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)

Descriptions

A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices before 4.9.4, and MA VP MD devices before 4.9.7 allows remote attackers to achieve code execution, denial of services, and information disclosure via TCP/IP packets.

*Credits: N/A
CVSS Scores
CVSS v3.1 metrics
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High
CVSS v2 metrics
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2021-06-28 CVE Reserved
  • 2021-07-22 CVE Published
  • 2024-08-04 CVE Updated
  • 2024-09-22 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-787: Out-of-bounds Write
CAPEC
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Idemia | Morphowave Compact Mdpi Firmware | < 2.6.2 | - | Affected |
| in Idemia | Morphowave Compact Mdpi | - | - | Safe |
| Idemia | Morphowave Compact Mdpi-m Firmware | < 2.6.2 | - | Affected |
| in Idemia | Morphowave Compact Mdpi-m | - | - | Safe |
| Idemia | Visionpass Mdpi Firmware | < 2.6.2 | - | Affected |
| in Idemia | Visionpass Mdpi | - | - | Safe |
| Idemia | Visionpass Mdpi-m Firmware | < 2.6.2 | - | Affected |
| in Idemia | Visionpass Mdpi-m | - | - | Safe |
| Idemia | Visionpass Md Firmware | - | - | Affected |
| in Idemia | Visionpass Md | 2.6.2 | - | Safe |
| Idemia | Morphowave Compact Md Firmware | - | - | Affected |
| in Idemia | Morphowave Compact Md | 2.6.2 | - | Safe |
| Idemia | Sigma Lite Firmware | - | - | Affected |
| in Idemia | Sigma Lite | 4.9.4 | - | Safe |
| Idemia | Sigma Lite+ Firmware | - | - | Affected |
| in Idemia | Sigma Lite+ | 4.9.4 | - | Safe |
| Idemia | Sigma Wide Firmware | - | - | Affected |
| in Idemia | Sigma Wide | 4.9.4 | - | Safe |
| Idemia | Sigma Extreme Firmware | - | - | Affected |
| in Idemia | Sigma Extreme | 4.9.4 | - | Safe |
| Idemia | Ma Vp Md Firmware | - | - | Affected |
| in Idemia | Ma Vp Md | 4.9.7 | - | Safe |