CVE-2024-23592

MEDIUM

Lenovo Synaptics - Auth Bypass

Title source: llm

Description

An authentication bypass vulnerability was reported in Lenovo devices with Synaptics fingerprint readers that could allow an attacker with physical access to replay fingerprints and bypass Windows Hello authentication.

References (1)

[Various Sources] https://support.lenovo.com/us/en/product_security/LEN-155804

Scores

CVSS v3 6.3

EPSS 0.0001

EPSS Percentile 1.0%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-358

Status published

Products (1)

Lenovo/Synaptics Fingerprint Readers Various

Published Apr 05, 2024

Tracked Since Feb 18, 2026