Main Vulnerability Database Vulnerabilities #VU65215

#VU65215 Security features bypass in Windows Server and Windows - CVE-2022-22023

Published: July 12, 2022

Vulnerability identifier: #VU65215

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-22023

CWE-ID: CWE-254

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Windows Server
Windows

Software vendor:
Microsoft

Description

The vulnerability allows a local user to bypass authentication process.

The vulnerability exists due to security feature bypass issue in Windows Portable Device Enumerator Service. An authenticated attacker with physical access can bypass the target application.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-22023

#VU65215 Security features bypass in Windows Server and Windows - CVE-2022-22023

Description

Remediation

External links

Please verify you're human