Lenovo Devices Vulnerable to Authentication Bypass Attacks
CVE-2024-23592

6.3MEDIUM

Key Information:

Vendor: Lenovo
Vendor: CVE Published:; 5 April 2024

What is CVE-2024-23592?

An authentication bypass vulnerability was reported in Lenovo devices with Synaptics fingerprint readers that could allow an attacker with physical access to replay fingerprints and bypass Windows Hello authentication.

References

https://support.lenovo.com/us/en/product_security/LEN-155804

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 5, 2024