{ "id": "CVE-2021-46390", "sourceIdentifier": "cve@mitre.org", "published": "2022-03-21T20:15:13.610", "lastModified": "2022-03-29T17:36:46.947", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An access control issue in the authentication module of Lexar_F35 v1.0.34 allows attackers to access sensitive data and cause a Denial of Service (DoS). An attacker without access to securely protected data on a secure USB flash drive can bypass user authentication without having any information related to the password of the registered user. The secure USB flash drive transmits the password entered by the user to the authentication module in the drive after the user registers a password, and then the input password is compared with the registered password stored in the authentication module. Subsequently, the module returns the comparison result for the authentication decision. Therefore, an attacker can bypass password authentication by analyzing the functions that return the password verification or comparison results and manipulate the authentication result values. Accordingly, even if attackers enter an incorrect password, they can be authenticated as a legitimate user and can therefore exploit functions of the secure USB flash drive by manipulating the authentication result values." }, { "lang": "es", "value": "Un problema de control de acceso en el m\u00f3dulo de autenticaci\u00f3n de Lexar_F35 versi\u00f3n v1.0.34, permite a atacantes acceder a datos confidenciales y causar una Denegaci\u00f3n de Servicio (DoS). Un atacante sin acceso a los datos protegidos de forma segura en una unidad flash USB segura puede omitir la autenticaci\u00f3n del usuario sin tener ninguna informaci\u00f3n relacionada con la contrase\u00f1a del usuario registrado. La unidad flash USB segura transmite la contrase\u00f1a introducida por el usuario al m\u00f3dulo de autenticaci\u00f3n de la unidad despu\u00e9s de que el usuario registre una contrase\u00f1a, y luego la contrase\u00f1a introducida es comparada con la contrase\u00f1a registrada almacenada en el m\u00f3dulo de autenticaci\u00f3n. Posteriormente, el m\u00f3dulo devuelve el resultado de la comparaci\u00f3n para la decisi\u00f3n de autenticaci\u00f3n. Por lo tanto, un atacante puede omitir la autenticaci\u00f3n de la contrase\u00f1a al analizar las funciones que devuelven los resultados de verificaci\u00f3n o comparaci\u00f3n de la contrase\u00f1a y manipular los valores de los resultados de la autenticaci\u00f3n. En consecuencia, aunque los atacantes introduzcan una contrase\u00f1a incorrecta, pueden ser autenticados como un usuario leg\u00edtimo y, por lo tanto, pueden explotar las funciones de la unidad flash USB segura al manipular los valores de los resultados de la autenticaci\u00f3n" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 0.9, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 7.2 }, "baseSeverity": "HIGH", "exploitabilityScore": 3.9, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-287" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:lexar:f35_firmware:1.0.34.0:*:*:*:*:windows:*:*", "matchCriteriaId": "845E7EC7-C4BE-4C8B-87C2-613BDAD5506B" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:lexar:f35:-:*:*:*:*:*:*:*", "matchCriteriaId": "E08C02FD-0F86-485E-A973-020F36EC713E" } ] } ] } ], "references": [ { "url": "https://github.com/bosslabdcu/Vulnerability-Reporting/security/advisories/GHSA-fcqg-mq6w-h3fh", "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ] }, { "url": "https://www.amazon.in/Lexar-LJDF35-128BNL-JumpDrive-Fingerprint-Silver/dp/B07GSMSL28/ref=sr_1_2?crid=37UZOWDJDLMIP&keywords=Lexar_F35&qid=1641532007&s=computers&sprefix=lexar_f3%2Ccomputers%2C311&sr=1-2", "source": "cve@mitre.org", "tags": [ "Product", "Third Party Advisory" ] }, { "url": "https://www.ebay.com/itm/265316509212?hash=item3dc618a61c:g:YO0AAOSwoPJeNNQN", "source": "cve@mitre.org", "tags": [ "Product", "Third Party Advisory" ] }, { "url": "https://www.lexar.com/en/product/lexar-jumpdrive-fingerprint-f35-usb-3-0-flash-drive/", "source": "cve@mitre.org", "tags": [ "Product", "Vendor Advisory" ] } ] }