CVE-2023-6482

CVSS 3.1 Score 5.2 of 10 (medium)

Details

Published Jan 27, 2024

Updated: Feb 1, 2024

CWE ID 321

CWE ID 798

Summary

CVE-2023-6482 is a vulnerability affecting Synaptics Fingerprint Driver. The issue involves the use of a static encryption key, which can be exploited by an attacker with physical access to the sensor. By setting up a TLS session with the fingerprint sensor, the attacker can send restricted commands, potentially leading to unauthorized fingerprint enrollment in the template database. This could compromise the security of biometric authentication systems relying on this driver.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Synaptics

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/trZCsa
https://www.cve.org/CVERecord?id=CVE-2023-6482
https://nvd.nist.gov/vuln/detail/CVE-2023-6482

Back to Vulnerability Database

CVE-2023-6482

CVSS 3.1 Score 5.2 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations