CVE-2024-23592

Summary

An authentication bypass vulnerability was reported in Lenovo devices with Synaptics fingerprint readers that could allow an attacker with physical access to replay fingerprints and bypass Windows Hello authentication.

Affected Software

VendorProductVersion RangeStatus
LenovoSynaptics Fingerprint ReadersVariousaffected

Weaknesses

  • CWE-358: CWE-358 Improperly Implemented Security Check for Standard

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References