Sign-up

ID

VAR-201906-0599


CVE

CVE-2019-12813


TITLE

Digital Persona U.are.U 4500 Fingerprint Reader Cryptographic vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2019-005676

DESCRIPTION

An issue was discovered in Digital Persona U.are.U 4500 Fingerprint Reader v24. The key and salt used for obfuscating the fingerprint image exhibit cleartext when the fingerprint scanner device transfers a fingerprint image to the driver. An attacker who sniffs an encrypted fingerprint image can easily decrypt that image using the key and salt. CrossmatchDigitalPersonaU.are.U4500FingerprintReader is a fingerprint reader from Crossmatch, USA

Trust: 2.25

sources: NVD: CVE-2019-12813 // JVNDB: JVNDB-2019-005676 // CNVD: CNVD-2019-25725 // VULHUB: VHN-144597

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-25725

AFFECTED PRODUCTS

vendor:crossmatchmodel:digital persona u.are.u 4500scope:eqversion:24

Trust: 1.0

vendor:cross matchmodel:digital persona u.are.u 4500scope:eqversion:24

Trust: 0.8

vendor:crossmatchmodel:digital persona u.are.u fingerprint readerscope:eqversion:4500v24

Trust: 0.6

sources: CNVD: CNVD-2019-25725 // JVNDB: JVNDB-2019-005676 // NVD: CVE-2019-12813

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-12813
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-12813
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-25725
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201906-590
value: MEDIUM

Trust: 0.6

VULHUB: VHN-144597
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-12813
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-25725
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-144597
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-12813
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-25725 // VULHUB: VHN-144597 // JVNDB: JVNDB-2019-005676 // CNNVD: CNNVD-201906-590 // NVD: CVE-2019-12813

PROBLEMTYPE DATA

problemtype:CWE-319

Trust: 1.0

problemtype:CWE-310

Trust: 0.9

sources: VULHUB: VHN-144597 // JVNDB: JVNDB-2019-005676 // NVD: CVE-2019-12813

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-590

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201906-590

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-005676

PATCH
title:Top Pageurl:https://www.crossmatch.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-005676

EXTERNAL IDS
db:NVDid:CVE-2019-12813
Trust: 3.1
db:JVNDBid:JVNDB-2019-005676
Trust: 0.8
db:CNNVDid:CNNVD-201906-590
Trust: 0.7
db:CNVDid:CNVD-2019-25725
Trust: 0.6
db:VULHUBid:VHN-144597
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2019-25725 // 
            
            
            
            VULHUB: VHN-144597 // 
            
            
            
            JVNDB: JVNDB-2019-005676 // 
            
            
            
            CNNVD: CNNVD-201906-590 // 
            
            
            
            NVD: CVE-2019-12813

REFERENCES
url:https://github.com/sungjungk/fp-scanner-hacking
Trust: 3.1
url:https://www.youtube.com/watch?v=wexjdyeoatm
Trust: 2.3
url:https://www.youtube.com/watch?v=grirez2xeas
Trust: 2.3
url:https://nvd.nist.gov/vuln/detail/cve-2019-12813
Trust: 2.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12813
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-25725 // 
            
            
            
            VULHUB: VHN-144597 // 
            
            
            
            JVNDB: JVNDB-2019-005676 // 
            
            
            
            CNNVD: CNNVD-201906-590 // 
            
            
            
            NVD: CVE-2019-12813

SOURCES
db:CNVDid:CNVD-2019-25725
db:VULHUBid:VHN-144597
db:JVNDBid:JVNDB-2019-005676
db:CNNVDid:CNNVD-201906-590
db:NVDid:CVE-2019-12813

LAST UPDATE DATE
2024-11-23T22:48:22.701000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-25725date:2019-08-03T00:00:00
db:VULHUBid:VHN-144597date:2019-06-20T00:00:00
db:JVNDBid:JVNDB-2019-005676date:2019-06-25T00:00:00
db:CNNVDid:CNNVD-201906-590date:2019-06-21T00:00:00
db:NVDid:CVE-2019-12813date:2024-11-21T04:23:37.890

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-25725date:2019-08-03T00:00:00
db:VULHUBid:VHN-144597date:2019-06-13T00:00:00
db:JVNDBid:JVNDB-2019-005676date:2019-06-25T00:00:00
db:CNNVDid:CNNVD-201906-590date:2019-06-13T00:00:00
db:NVDid:CVE-2019-12813date:2019-06-13T23:29:00.223