CVE-2024-0454

Published Jan 12, 2024

Last updated 10 months ago

Overview

Description: ELAN Match-on-Chip FPR solution has design fault about potential risk of valid SID leakage and enumeration with spoof sensor. This fault leads to that Windows Hello recognition would be bypass with cloning SID to cause broken account identity. Version which is lower than 3.0.12011.08009(Legacy)/3.3.12011.08103(ESS) would suffer this risk on DELL Inspiron platform.
Source: 36106deb-8e95-420b-a0a0-e70af5d245df
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.1
Impact score: 5.2
Exploitability score: 0.9
Vector string: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-290
36106deb-8e95-420b-a0a0-e70af5d245df: CWE-290

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:h:emc:elan_match-on-chip_fpr_solution:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "02144756-1716-40FF-884B-3E4DD9D2C0A3"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:emc:elan_match-on-chip_fpr_solution_firmware:3.0.12011.08009:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D3B550F-D100-4116-AE9F-7F9F203F7B0F"
          },
          {
            "criteria": "cpe:2.3:o:emc:elan_match-on-chip_fpr_solution_firmware:3.3.12011.08103:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8BD8D8C7-1B4D-4452-8BC2-6D2B05939AC1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 3.1

Weaknesses

Configurations

References