Cryptographic issues - CVE-2021-35113
Published: June 7, 2022 / Updated: August 2, 2022
Vulnerability identifier: #VU64032
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-35113
CWE-ID: CWE-310
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor:
Affected software:
Detailed vulnerability description
The vulnerability allows a local attacker to compromise the target system.
The vulnerability exists due to improper order of signature verification and hashing in the signature verification call. An attacker with physical access can bypass authentication on the system.
How to mitigate CVE-2021-35113
Install updates from vendor's website.