← back
CVE-2024-23592

CVE-2024-23592

CVSS 6.3 MEDIUMEPSS 0.3%CWE-358
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.3EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
05 Apr 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An authentication bypass vulnerability was reported in Lenovo devices with Synaptics fingerprint readers that could allow an attacker with physical access to replay fingerprints and bypass Windows Hello authentication.
CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Lenovo · Synaptics Fingerprint Readers

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.lenovo.com/us/en/product_security/LEN-155804