CVE-2024-0454

EPSS 0.01%
Published 12.01.2024 02:15:44
Last modified 21.11.2024 08:46:37
Source 36106deb-8e95-420b-a0a0-e70af5
Teams watchlist Login
Open Login

ELAN Match-on-Chip FPR solution has design fault about potential risk of valid SID leakage and enumeration with spoof sensor.
This fault leads to that Windows Hello recognition would be bypass with cloning SID to cause broken account identity.
Version which is lower than 3.0.12011.08009(Legacy)/3.3.12011.08103(ESS) would suffer this risk on DELL Inspiron platform.

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Emc ≫ Elan Match-on-chip Fpr Solution Firmware Version3.0.12011.08009

Emc ≫ Elan Match-on-chip Fpr Solution Version-

Emc ≫ Elan Match-on-chip Fpr Solution Firmware Version3.3.12011.08103

Emc ≫ Elan Match-on-chip Fpr Solution Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.01%	0.009

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.1	0.9	5.2	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
36106deb-8e95-420b-a0a0-e70af5d245df	6	0.5	5.5	CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

CWE-290 Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

https://www.emc.com.tw/emc/tw/vulnerability-disclosure-policy

Not Applicable

https://github.com/advisories/GHSA-w3jx-33qh-77f8

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-0454

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-0454

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-0454

EUVD