Main Vulnerability Database Vulnerabilities #VU60447

#VU60447 Security features bypass in OneDrive for Android - CVE-2022-23255

Published: February 8, 2022

Vulnerability identifier: #VU60447

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-23255

CWE-ID: CWE-254

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
OneDrive for Android

Software vendor:
Microsoft

Description

The vulnerability allows a local user to compromsie the target system.

The vulnerability exists due to an error in Microsoft OneDrive for Android. An authenticated attacker with physical access can bypass the authentication to access OneDrive files.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23255