Main Vulnerability Database Vulnerabilities #VU88391

Improper access control in Windows and Windows Server - CVE-2024-28922

Published: April 10, 2024

Vulnerability identifier: #VU88391

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-28922

CWE-ID: CWE-284

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Windows
Windows Server

Software vendor:
Microsoft

Description

The vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in Secure Boot. An authenticated attacker with physical access can bypass Secure Boot.

Install updates from vendor's website.