CVE-2024-0454

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jan 12, 2024

Updated: Jan 22, 2024

CWE ID 290

Summary

CVE-2024-0454 is a design fault affecting the ELAN Match-on-Chip FPR solution in certain DELL Inspiron models. This vulnerability potentially allows an attacker to leak valid SID information and enumerate sensors, enabling them to bypass Windows Hello recognition. By cloning the SID, an unauthorized user could gain broken account identity and potentially gain access to protected systems. This risk is present in versions lower than 3.0.12011.08009 (Legacy) and 3.3.12011.08103 (ESS).

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uHNMYW
https://www.cve.org/CVERecord?id=CVE-2024-0454
https://nvd.nist.gov/vuln/detail/CVE-2024-0454

Back to Vulnerability Database

CVE-2024-0454

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations