Main Vulnerability Database Vulnerabilities #VU66347

Security features bypass in Windows - CVE-2022-35797

Published: August 10, 2022

Vulnerability identifier: #VU66347

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-35797

CWE-ID: CWE-254

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Windows

Software vendor:
Microsoft

Description

The vulnerability allows a local attacker to bypass authentication process.

The vulnerability exists due to security feature bypass issue in Windows Hello. An attacker with physical access can bypass the Windows Hello Facial Recognition security feature.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-35797

Security features bypass in Windows - CVE-2022-35797

Description

Remediation

External links

Please verify you're human