Main Vulnerability Database Vulnerabilities #VU70232

#VU70232 Permissions, Privileges, and Access Controls in Microsoft Outlook for Android - CVE-2022-24480

Published: December 13, 2022

Vulnerability identifier: #VU70232

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-24480

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Microsoft Outlook for Android

Software vendor:
Microsoft

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in the Outlook for Android. An user with physical access to an unlocked device can bypass the application's biometric authentication, which effectively disables the application lock and gives the attacker full access.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24480