CVE-2024-0454

Security Vulnerability on Match-on-Chip FPR Architecture

Severity Score

6.1

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

ELAN Match-on-Chip FPR solution has design fault about potential risk of valid SID leakage and enumeration with spoof sensor.
This fault leads to that Windows Hello recognition would be bypass with cloning SID to cause broken account identity.
Version which is lower than 3.0.12011.08009(Legacy)/3.3.12011.08103(ESS) would suffer this risk on DELL Inspiron platform.

La solución ELAN Match-on-Chip FPR tiene un error de diseño sobre el riesgo potencial de fuga de SID válido y enumeración con sensor falso. Este fallo hace que el reconocimiento de Windows Hello se omita al clonar el SID para causar una pérdida de identidad de la cuenta. La versión inferior a 3.0.12011.08009(Legacy)/3.3.12011.08103(ESS) sufriría este riesgo en la plataforma DELL Inspiron.

*Credits: N/A

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Attack Vector

Physical

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

Low

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

None

Automatable

Tech. Impact

Total

* Organization's Worst-case Scenario

Timeline

2024-01-12 CVE Reserved
2024-01-12 CVE Published
2024-01-23 EPSS Updated
2024-11-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-290: Authentication Bypass by Spoofing

CAPEC

CAPEC-115: Authentication Bypass

References (2)

URL	Tag	Source
https://github.com/advisories/GHSA-w3jx-33qh-77f8	Third Party Advisory
https://www.emc.com.tw/emc/tw/vulnerability-disclosure-policy	Not Applicable

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Emc Search vendor "Emc"	Elan Match-on-chip Fpr Solution Firmware Search vendor "Emc" for product "Elan Match-on-chip Fpr Solution Firmware"	3.0.12011.08009 Search vendor "Emc" for product "Elan Match-on-chip Fpr Solution Firmware" and version "3.0.12011.08009"	-	Affected	in	Emc Search vendor "Emc"	Elan Match-on-chip Fpr Solution Search vendor "Emc" for product "Elan Match-on-chip Fpr Solution"	-	-	Safe
Emc Search vendor "Emc"	Elan Match-on-chip Fpr Solution Firmware Search vendor "Emc" for product "Elan Match-on-chip Fpr Solution Firmware"	3.3.12011.08103 Search vendor "Emc" for product "Elan Match-on-chip Fpr Solution Firmware" and version "3.3.12011.08103"	-	Affected	in	Emc Search vendor "Emc"	Elan Match-on-chip Fpr Solution Search vendor "Emc" for product "Elan Match-on-chip Fpr Solution"	-	-	Safe