CVE-2023-6482
CVSS V2 None
CVSS V3 None
Description
Use of encryption key derived from static information in Synaptics Fingerprint Driver allows
an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may
allow an attacker, who has physical access to the sensor, to enroll a fingerprint into the
template database.
Overview
- CVE ID
- CVE-2023-6482
- Assigner
- Synaptics
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-01-27T00:19:15.351Z
- Last Modified Date
- 2024-01-29T16:33:12.763Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://www.synaptics.com/sites/default/files/2024-01/fingerprint-driver-encryption-key-security-brief-2024-01-26.pdf | vendor-advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-6482 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6482 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-25 06:39:56 | Added to TrackCVE |