CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-0454

ELAN Match-on-Chip FPR solution has design fault about potential risk of valid SID leakage and enumeration with spoof sensor. This fault leads to that Windows Hello recognition would be bypass with cloning SID to cause broken account identity. Version which is lower than 3.0.12011.08009(Legacy)/3.3.12011.08103(ESS) would suffer this risk on DELL Inspiron platform.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 0.9%

CVSS Severity

CVSS v3 Score 6.0

References

https://www.emc.com.tw/emc/tw/vulnerability-disclosure-policy
https://github.com/advisories/GHSA-w3jx-33qh-77f8
https://www.emc.com.tw/emc/tw/vulnerability-disclosure-policy

Products affected by CVE-2024-0454

Emc » Elan Match-On-Chip Fpr Solution » Version: N/A

cpe:2.3:h:emc:elan_match-on-chip_fpr_solution:-
Emc » Elan Match-On-Chip Fpr Solution Firmware » Version: 3.0.12011.08009

cpe:2.3:o:emc:elan_match-on-chip_fpr_solution_firmware:3.0.12011.08009
Emc » Elan Match-On-Chip Fpr Solution Firmware » Version: 3.3.12011.08103

cpe:2.3:o:emc:elan_match-on-chip_fpr_solution_firmware:3.3.12011.08103

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-0454

Products

Pricing

Contact Us