CVE-2023-6482 | THREATINT

Description

Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker, who has physical access to the sensor, to enroll a fingerprint into the template database.

PUBLISHED Reserved 2023-12-04 | Published 2024-01-27 | Updated 2024-10-18 | Assigner Synaptics

MEDIUM: 5.2CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

Problem types

CWE-321 Use of Hard-coded Cryptographic Key

Product status

Default status

unknown

6.0.0.1103 (custom) before 6.0.17.1103

affected

References

www.synaptics.com/...ption-key-security-brief-2024-01-26.pdf vendor-advisory

cve.org (CVE-2023-6482)

nvd.nist.gov (CVE-2023-6482)

Download JSON

help @ threatint.eu