Cryptographic issues - CVE-2021-35113

 

Cryptographic issues - CVE-2021-35113

Published: June 7, 2022 / Updated: August 2, 2022


Vulnerability identifier: #VU64032
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-35113
CWE-ID: CWE-310
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor:
Affected software:

Detailed vulnerability description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to improper order of signature verification and hashing in the signature verification call. An attacker with physical access can bypass authentication on the system.


How to mitigate CVE-2021-35113

Install updates from vendor's website.

Sources