Main Vulnerability Database Vulnerabilities #VU75017

Security features bypass in Windows and Windows Server - CVE-2023-28270

Published: April 12, 2023

Vulnerability identifier: #VU75017

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2023-28270

CWE-ID: CWE-254

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Windows
Windows Server

Software vendor:
Microsoft

Description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to security features bypass in Windows Lock Screen. An attacker with physical access can bypass authentication feature.

Install updates from vendor's website.