#VU57423 Security features bypass in Microsoft Surface - CVE-2021-42299
Published: October 19, 2021
Vulnerability identifier: #VU57423
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-42299
CWE-ID: CWE-254
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Microsoft Surface
Microsoft Surface
Software vendor:
Microsoft
Microsoft
Description
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists in the Platform Configuration Registers (PCRs) implementation. An attacker with physical access to device can can bypass implemented security restrictions.
Remediation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.