CVE-2024-0454

Опубликовано: 12 янв. 2024

Источник: nvd

CVSS3: 6

CVSS3: 6.1

EPSS Низкий

Описание

ELAN Match-on-Chip FPR solution has design fault about potential risk of valid SID leakage and enumeration with spoof sensor. This fault leads to that Windows Hello recognition would be bypass with cloning SID to cause broken account identity. Version which is lower than 3.0.12011.08009(Legacy)/3.3.12011.08103(ESS) would suffer this risk on DELL Inspiron platform.

Ссылки

https://www.emc.com.tw/emc/tw/vulnerability-disclosure-policy
Not Applicable
https://github.com/advisories/GHSA-w3jx-33qh-77f8
Third Party Advisory
https://www.emc.com.tw/emc/tw/vulnerability-disclosure-policy
Not Applicable

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:emc:elan_match-on-chip_fpr_solution_firmware:3.0.12011.08009:*:*:*:*:*:*:*

cpe:2.3:o:emc:elan_match-on-chip_fpr_solution_firmware:3.3.12011.08103:*:*:*:*:*:*:*

cpe:2.3:h:emc:elan_match-on-chip_fpr_solution:-:*:*:*:*:*:*:*

EPSS

Процентиль: 1%

0.00011

Низкий

6 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-290

Связанные уязвимости

GHSA-w3jx-33qh-77f8

CVSS3: 6

github

около 2 лет назад

EPSS

Процентиль: 1%

0.00011

Низкий

6 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-290