CVE-2021-35522

Published Jul 22, 2021
Last updated 3 years ago
CVSS critical 9.8
Overview

Description: A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices before 4.9.4, and MA VP MD devices before 4.9.7 allows remote attackers to achieve code execution, denial of services, and information disclosure via TCP/IP packets.
Source: cve@mitre.org
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL
CVSS 2.0

Type: Primary
Base score: 9
Impact score: 8.5
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:C
Weaknesses

nvd@nist.gov: CWE-787
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:idemia:morphowave_compact_mdpi_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A555DBE9-1362-421C-912E-A5C74E5495CB",
            "versionEndExcluding": "2.6.2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:idemia:morphowave_compact_mdpi:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "69D8C901-CFBB-4B96-885C-77C473F7A6AB"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:idemia:morphowave_compact_mdpi-m_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB44A973-050F-46D0-81CD-8617B76BB1C1",
            "versionEndExcluding": "2.6.2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:idemia:morphowave_compact_mdpi-m:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "F9D402E4-728D-43C5-87DC-9278EA8BE9A1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:idemia:visionpass_mdpi_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E0FDEA3-5CE6-48DF-B245-CEAC8B7863FF",
            "versionEndExcluding": "2.6.2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:idemia:visionpass_mdpi:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1A1D34D9-CB13-4C64-BBD9-B4CB069B5CA6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:idemia:visionpass_mdpi-m_firmware:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6AF83EE1-C6A5-4E0B-8661-0A57795CF725",
            "versionEndExcluding": "2.6.2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:idemia:visionpass_mdpi-m:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A6358D22-B220-46A7-92F2-3849E3A6DD9C"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:idemia:visionpass_md:2.6.2:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BE6F3C21-F1FE-4C41-90CC-6BC03BB24D8C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:idemia:visionpass_md_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D64D546-2F01-430A-9DCD-EBD96D285E9D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:idemia:morphowave_compact_md:2.6.2:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2F66EAB8-8D6B-4BAE-9540-789C7EAF5487"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:idemia:morphowave_compact_md_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2B65DFA-93AF-48E7-92EF-F31398237B2A"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:idemia:sigma_lite:4.9.4:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "81350C1A-65D9-4E4A-B041-4E51895E0F90"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:idemia:sigma_lite_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C69FDDE9-01FB-4D8B-87A4-F67DCB5CF0BA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:idemia:sigma_lite\\+:4.9.4:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "527820C2-EC38-4556-896B-58A2B7100A72"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:idemia:sigma_lite\\+_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "043B46A4-6DA0-41CD-85B3-5729B50305E6"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:idemia:sigma_wide:4.9.4:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "45717DD7-2519-42D1-B6E6-3CA5E62CB1F2"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:idemia:sigma_wide_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3596B334-F0E1-482D-9F4D-FBE9A11CBFFC"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:idemia:sigma_extreme:4.9.4:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "1C982D0B-431B-4292-A7F3-69A2D8220F45"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:idemia:sigma_extreme_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81060521-32D2-45A1-997B-E67C72E8CB90"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:idemia:ma_vp_md:4.9.7:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "5A7D2CA9-42D6-4987-93BD-262C31FADCB7"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:idemia:ma_vp_md_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58CB338D-303A-4BA1-92AC-68014761460D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:idemia:visionpass_md:2.6.2:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "BE6F3C21-F1FE-4C41-90CC-6BC03BB24D8C"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:idemia:visionpass_md_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D64D546-2F01-430A-9DCD-EBD96D285E9D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:idemia:morphowave_compact_md_firmware:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2B65DFA-93AF-48E7-92EF-F31398237B2A"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:idemia:morphowave_compact_md:2.6.2:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2F66EAB8-8D6B-4BAE-9540-789C7EAF5487"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
