CVE-2019-13604

{"id": "CVE-2019-13604", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2019-07-15T14:15:11.750", "references": [{"url": "https://github.com/sungjungk/fp-img-key-crack", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.youtube.com/watch?v=7tKJQdKRm2k", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.youtube.com/watch?v=BwYK_xZlKi4", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/sungjungk/fp-img-key-crack", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.youtube.com/watch?v=7tKJQdKRm2k", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.youtube.com/watch?v=BwYK_xZlKi4", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-327"}]}], "descriptions": [{"lang": "en", "value": "There is a short key vulnerability in HID Global DigitalPersona (formerly Crossmatch) U.are.U 4500 Fingerprint Reader v24. The key for obfuscating the fingerprint image is vulnerable to brute-force attacks. This allows an attacker to recover the key and decrypt that image using the key. Successful exploitation causes a sensitive biometric information leak."}, {"lang": "es", "value": "Existe una vulnerabilidad de clave corta en U.are.U 4500 Fingerprint Reader versi\u00f3n 24 de HID Global DigitalPersona (anteriormente Crossmatch). La clave para ofuscar la imagen de la huella dactilar es vulnerable a ataques de fuerza bruta. Esto permite a un atacante recuperar la clave y descifrar esa imagen usando la clave. La explotaci\u00f3n con \u00e9xito causa un filtrado de informaci\u00f3n biom\u00e9trica confidencial."}], "lastModified": "2024-11-21T04:25:20.237", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:assaabloy:hid_digitalpersona_4500_firmware:24:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3AF0D5F1-1047-4EB0-8B41-4F3400983F53"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:assaabloy:hid_digitalpersona_4500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "403DAA80-D480-456E-8144-55EEF503FD2B"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}