CVE-2021-35522
high-risk
Published 2021-07-22
A buffer overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices before 4.9.4, and MA VP MD devices before 4.9.7 allows remote attackers to achieve code execution, denial of service, and information disclosure via TCP/IP packets.
Do I need to act?
4.1% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 9.8/10
Critical
NETWORK / LOW complexity
Affected Products (11)
Morphowave Compact Mdpi Firmware
Morphowave Compact Mdpi-M Firmware
Visionpass Mdpi Firmware
Visionpass Mdpi-M Firmware
Visionpass Md Firmware
Morphowave Compact Md Firmware
Sigma Lite Firmware
Sigma Lite+ Firmware
Sigma Wide Firmware
Sigma Extreme Firmware
Ma Vp Md Firmware
Affected Vendors
References (6)
Product
https://www.idemia.com
55 / 100 · high-risk
Severity
32/34 · Critical
Exploitability
7/34 · Low
Exposure
16/34 · Moderate