Описание
Microsoft Authenticator Elevation of Privilege Vulnerability
FAQ
According to the CVSS metric, Attack Vector is Local (AV:L). What does that mean for this vulnerability?
An attacker would have to have local presence on the device through malware or a malicious application to be able to exploit this vulnerability.
According to the CVSS metric, User Interaction is Required (UI:R). What interaction would the user have to do?
The victim will have to close and re-open the Authenticator app for the attacker to exploit this vulnerability.
According to the CVSS metric, Confidentiality and Integrity impact are High and Availability is None (C:H, I:H, A:N). What does that mean for this vulnerability?
Exploitation of this vulnerability could allow an attacker to gain access to multi-factor authentication codes for the victim's accounts, as well as modify or delete accounts in the authenticator app but not prevent the app from launching or running.
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
7.1 High
CVSS3
Связанные уязвимости
Microsoft Authenticator Elevation of Privilege Vulnerability
Microsoft Authenticator Elevation of Privilege Vulnerability
Уязвимость приложения многофакторной аутентификации Microsoft Authenticator, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии
EPSS
7.1 High
CVSS3