Lenovo
CVE-2024-23592
MEDIUM
Severity by source
AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from Vendor (lenovo) · only source for this CVE.
CVSS VectorVendor: lenovo
CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
An authentication bypass vulnerability was reported in Lenovo devices with Synaptics fingerprint readers that could allow an attacker with physical access to replay fingerprints and bypass Windows Hello authentication.
AnalysisAI
An authentication bypass vulnerability was reported in Lenovo devices with Synaptics fingerprint readers that could allow an attacker with physical access to replay fingerprints and bypass Windows. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-358. An authentication bypass vulnerability was reported in Lenovo devices with Synaptics fingerprint readers that could allow an attacker with physical access to replay fingerprints and bypass Windows Hello authentication.
Affected ProductsAI
Lenovo devices with Synaptics fingerprint readers that.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Unrestricted file upload vulnerability in andesk/managementsuite/core/core.anonymous/ServerSetup.asmx in the ServerSetup
Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagemen
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allo
The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phone
Local privilege escalation in the FluxInk (formerly Sunia SPB Peripheral) Color Management Driver TcnPeripheral64.sys ve
The Dolby DAX2 and DAX3 API services are vulnerable to a privilege escalation vulnerability that allows a normal user to
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by nav
A DLL preloading vulnerability was reported in Lenovo Driver Management prior to version 2.9.0719.1104 that could allow
A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ab
Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by mak
The Lenovo Service Framework Android application executes some system commands without proper sanitization of external i
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today