CVE-2024-23592 Vulnerability Details

  /     /     /  

CVE-2024-23592 Metadata Quick Info

CVE Published: 05/04/2024 | CVE Updated: 06/09/2024 | CVE Year: 2024
Source: lenovo | Vendor: Lenovo | Product: Synaptics Fingerprint Readers
Status : PUBLISHED

---

CVE-2024-23592 Description

An authentication bypass vulnerability was reported in Lenovo devices with Synaptics fingerprint readers that could allow an attacker with physical access to replay fingerprints and bypass Windows Hello authentication.

Metrics

CVSS Version: 3.1 | Base Score: 6.3 MEDIUM
Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* PHYSICAL
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* NONE
    User Interaction (UI)* REQUIRED
    Scope (S)* UNCHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-358
CWE Name: CWE-358 Improperly Implemented Security Check for Standard
Source: Lenovo

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).