CVE-2024-0454 MEDIUM

CVE-2024-0454: Security Vulnerability on Match-on-Chip FPR Architecture

Vendor Elan
Product DELL Inspiron
Weakness CWE-290
Published January 12, 2024
Last update November 6, 2024

CVSS base score

6.0/10
Attack vector Physical
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

What the vulnerability does

01 Description

The ELAN Match-on-Chip FPR solution has a design fault that creates a potential risk of valid SID leakage and enumeration with a spoofed sensor. As a result, Windows Hello recognition can be bypassed by cloning the SID, which breaks account identity. Versions lower than 3.0.12011.08009 (Legacy) / 3.3.12011.08103 (ESS) are exposed to this risk on the DELL Inspiron platform.

Key dates

02 Disclosure timeline

January 12, 2024 CVE published
November 6, 2024 Record updated