Security features bypass in Microsoft Surface - CVE-2021-42299
Published: October 19, 2021
Vulnerability identifier: #VU57423
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-42299
CWE-ID: CWE-254
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Microsoft
Affected software:
Microsoft Surface
Microsoft Surface
Detailed vulnerability description
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists in the Platform Configuration Registers (PCRs) implementation. An attacker with physical access to device can can bypass implemented security restrictions.
How to mitigate CVE-2021-42299
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.