CVE-2024-0454

Published: Jan 12, 2024Modified: Nov 21, 2024

6.1

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 0.9 / Impact: 5.2

Source: NVD

Description

ELAN Match-on-Chip FPR solution has design fault about potential risk of valid SID leakage and enumeration with spoof sensor. This fault leads to that Windows Hello recognition would be bypass with cloning SID to cause broken account identity. Version which is lower than 3.0.12011.08009(Legacy)/3.3.12011.08103(ESS) would suffer this risk on DELL Inspiron platform.

Affected (2)

Products: Emc: Elan Match On Chip Fpr Solution Firmware

1 product

Elan Match On Chip Fpr Solution Firmware

Configuration A

2 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Emc Elan Match On Chip Fpr Solution Firmware	Version 3.0.12011.08009
Emc Elan Match On Chip Fpr Solution Firmware	Version 3.3.12011.08103

Running on/with	Platform Versions
Emc Elan Match On Chip Fpr Solution	All versions

Related CWEs

Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

References (3)

https://www.emc.com.tw/emc/tw/vulnerability-disclosure-policy

Source: 36106deb-8e95-420b-a0a0-e70af5d245df

Not Applicable

https://github.com/advisories/GHSA-w3jx-33qh-77f8

Source: nvd@nist.gov

Third Party Advisory

https://www.emc.com.tw/emc/tw/vulnerability-disclosure-policy

Source: af854a3a-2127-422b-91ae-364da2661108

Not Applicable

Timeline

No history available yet.