Main Vulnerability Database Vulnerabilities #VU54837

Security features bypass in Windows - CVE-2021-34466

Published: July 13, 2021

Vulnerability identifier: #VU54837

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-34466

CWE-ID: CWE-254

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Windows

Software vendor:
Microsoft

Description

The vulnerability allows a local attacker to bypass authentication process.

The vulnerability exists due to security feature bypass issue in Windows Hello. An attacker with physical access can gain elevated privileges on the target system.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-34466

Security features bypass in Windows - CVE-2021-34466

Description

Remediation

External links

Please verify you're human