5.9

CVE-2019-12813

Exploit

EPSS 1.13%
Veröffentlicht 13.06.2019 23:29:00
Zuletzt bearbeitet 21.11.2024 04:23:37
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered in Digital Persona U.are.U 4500 Fingerprint Reader v24. The key and salt used for obfuscating the fingerprint image exhibit cleartext when the fingerprint scanner device transfers a fingerprint image to the driver. An attacker who sniffs an encrypted fingerprint image can easily decrypt that image using the key and salt.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Crossmatch ≫ Digital Persona U.Are.U 4500 Firmware Version24

Crossmatch ≫ Digital Persona U.Are.U 4500 Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.13%	0.622

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-319 Cleartext Transmission of Sensitive Information

The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

https://github.com/sungjungk/fp-scanner-hacking

Third Party Advisory

Exploit

https://www.youtube.com/watch?v=Grirez2xeas

Third Party Advisory

Exploit

https://www.youtube.com/watch?v=wEXJDyEOatM

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2019-12813

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2019-12813

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2019-12813

EUVD