Main Vulnerability Database Vulnerabilities #VU58073

#VU58073 Security features bypass in Windows and Windows Server - CVE-2021-42288

Published: November 9, 2021

Vulnerability identifier: #VU58073

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-42288

CWE-ID: CWE-254

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Windows
Windows Server

Software vendor:
Microsoft

Description

The vulnerability allows a local attacker to bypass authentication process.

The vulnerability exists due to security feature bypass issue in Windows Hello. An attacker with physical access can bypass the target application

Install updates from vendor's website.