Lenovo Devices Vulnerable to Authentication Bypass Attacks

CVE-2024-23592

6.3MEDIUM

Key Information

Vendor: Lenovo
Vendor: CVE Published:; 5 April 2024

Summary

An authentication bypass vulnerability was reported in Lenovo devices with Synaptics fingerprint readers that could allow an attacker with physical access to replay fingerprints and bypass Windows Hello authentication.

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published.
Apr 5, 2024

Collectors

NVD Database