CVE-2024-0454

EPSS 0.01%
Veröffentlicht 12.01.2024 02:15:44
Zuletzt bearbeitet 21.11.2024 08:46:37
Quelle 36106deb-8e95-420b-a0a0-e70af5
Teams Watchlist Login
Unerledigt Login

ELAN Match-on-Chip FPR solution has design fault about potential risk of valid SID leakage and enumeration with spoof sensor.
This fault leads to that Windows Hello recognition would be bypass with cloning SID to cause broken account identity.
Version which is lower than 3.0.12011.08009(Legacy)/3.3.12011.08103(ESS) would suffer this risk on DELL Inspiron platform.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Emc ≫ Elan Match-on-chip Fpr Solution Firmware Version3.0.12011.08009

Emc ≫ Elan Match-on-chip Fpr Solution Version-

Emc ≫ Elan Match-on-chip Fpr Solution Firmware Version3.3.12011.08103

Emc ≫ Elan Match-on-chip Fpr Solution Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.009

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	0.9	5.2	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
36106deb-8e95-420b-a0a0-e70af5d245df	6	0.5	5.5	CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

CWE-290 Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

https://www.emc.com.tw/emc/tw/vulnerability-disclosure-policy

Not Applicable

https://github.com/advisories/GHSA-w3jx-33qh-77f8

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-0454

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-0454

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-0454

EUVD