Описание
Use of encryption key derived from static information in Synaptics Fingerprint Driver allows
an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker, who has physical access to the sensor, to enroll a fingerprint into the template database.
Уязвимые конфигурации
Конфигурация 1Версия от 6.0.00.1103 (включая) до 6.0.17.1103 (исключая)
cpe:2.3:a:synaptics:fingerprint_driver:*:*:*:*:*:*:*:*
EPSS
Процентиль: 22%
0.00072
Низкий
5.2 Medium
CVSS3
Дефекты
CWE-321
CWE-798
Связанные уязвимости
CVSS3: 5.2
github
около 2 лет назад
Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker, who has physical access to the sensor, to enroll a fingerprint into the template database.
EPSS
Процентиль: 22%
0.00072
Низкий
5.2 Medium
CVSS3
Дефекты
CWE-321
CWE-798