CVE-2022-23255: Microsoft OneDrive for Android Security Feature Bypass Vulnerability

Overview

Severity: Medium (CVSS 5.9)
CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C
Category: Security Feature Bypass
Exploit Status: Not Exploited
Exploitation Likelihood: Less Likely
Patch Tuesday: 2022-Feb
Released: 2022-02-08
EPSS Score: 0.14% (percentile: 34.6%)

FAQ

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

The attacker needs access to an unlocked mobile device to exploit the vulnerability.

What kind of security feature could be bypassed by successfully exploiting this vulnerability?

The authentication to access OneDrive files could potentially be bypassed. Microsoft recommends installing the update for this vulnerability as soon as possible.

Affected Products (1)

Microsoft Office

  • OneDrive for Android

Acknowledgments

Harsh Tyagi (https://www.linkedin.com/in/harsh-tyagi-1468b3193/)

Revision History

  • 2022-02-08: Information published.