CVE-2019-13603

{"id": "CVE-2019-13603", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2019-07-16T17:15:12.407", "references": [{"url": "https://github.com/sungjungk/fp-scanner-hacking", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.youtube.com/watch?v=Grirez2xeas", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.youtube.com/watch?v=wEXJDyEOatM", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/sungjungk/fp-scanner-hacking", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.youtube.com/watch?v=Grirez2xeas", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.youtube.com/watch?v=wEXJDyEOatM", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-330"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader Windows Biometric Framework driver 5.0.0.5. It has a statically coded initialization vector to encrypt a user's fingerprint image, resulting in weak encryption of that. This, in combination with retrieving an encrypted fingerprint image and encryption key (through another vulnerability), allows an attacker to obtain a user's fingerprint image."}, {"lang": "es", "value": "Se detect\u00f3 un problema en el controlador versi\u00f3n 5.0.0.5 del Framework Biometric de Windows del U.are.U 4500 Fingerprint Reader de HID Global DigitalPersona (anteriormente Crossmatch). Tiene un vector de inicializaci\u00f3n codificado est\u00e1ticamente para cifrar la imagen de la huella digital de un usuario, resultando en un cifrado d\u00e9bil de esta. Esto, en combinaci\u00f3n con la recuperaci\u00f3n de una imagen de huella digital cifrada y una clave de cifrado (por medio de otra vulnerabilidad), permite a un atacante obtener la imagen de la huella digital de un usuario."}], "lastModified": "2024-11-21T04:25:19.473", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:hidglobal:digital_persona_u.are.u_4500_driver_firmware:5.0.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B634E052-6305-4617-89B8-60EBA357C7F4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:hidglobal:digital_persona_u.are.u_4500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9F0A2FE7-3C08-4CAE-9048-329BC2290807"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}