Main Vulnerability Database Vulnerabilities #VU26865

#VU26865 Improper Authentication in Microsoft Your Phone Companion App for Android - CVE-2020-0943

Published: April 14, 2020

Vulnerability identifier: #VU26865

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2020-0943

CWE-ID: CWE-287

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Microsoft Your Phone Companion App for Android

Software vendor:
Microsoft

Description

The vulnerability allows a local attacker to bypass authentication process.

The vulnerability exists in Microsoft YourPhoneCompanion application for Android, in the way the application processes notifications generated by work profiles. An attacker with physical access to the device can bypass authentication process and view notifications.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0943