CVE-2024-0454

MEDIUM Year: 2024
CVSS v3 Score
6.1
Medium
Weakness Type
CWE-290
View all →

Vulnerability Description

ELAN Match-on-Chip FPR solution has design fault about potential risk of valid SID leakage and enumeration with spoof sensor. This fault leads to that Windows Hello recognition would be bypass with cloning SID to cause broken account identity. Version which is lower than 3.0.12011.08009(Legacy)/3.3.12011.08103(ESS) would suffer this risk on DELL Inspiron platform.

Related Vulnerabilities

CVE-2018-8278

MEDIUM
CVSS:6.1(Medium)

A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge.

CWE-2902018

CVE-2019-18989

MEDIUM
CVSS:6.1(Medium)

A partial authentication bypass vulnerability exists on Mediatek MT7620N 1.06 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is ro...

CWE-2902019

CVE-2019-18990

MEDIUM
CVSS:6.1(Medium)

A partial authentication bypass vulnerability exists on Realtek RTL8812AR 1.21WW, RTL8196D 1.0.0, RTL8192ER 2.10, and RTL8881AN 1.09 devices. The vulnerability allows sending an unencrypted data frame...

CWE-2902019

CVE-2019-18991

MEDIUM
CVSS:6.1(Medium)

A partial authentication bypass vulnerability exists on Atheros AR9132 3.60(AMX.8), AR9283 1.85, and AR9285 1.0.0.12NA devices. The vulnerability allows sending an unencrypted data frame to a WPA2-pro...

CWE-2902019

CVE-2020-13529

MEDIUM
CVSS:6.1(Medium)

An exploitable denial-of-service vulnerability exists in Systemd 245. A specially crafted DHCP FORCERENEW packet can cause a server running the DHCP client to be vulnerable to a DHCP ACK spoofing atta...

CWE-2902020