According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

Exploitation of the vulnerability requires a user to modify a custom compliance script on the device after it is written to temporary storage and before execution of the script finishes.

According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) and integrity (I:H) but not availability (A:N). What does that mean for this vulnerability?

This vulnerability could allow an attacker to view potentially restricted information inside of a custom compliance script and tamper with the results of the scripts, but does not allow the attacker to make any other parts of the Intune service unavailable.

What privileges could an attacker gain by successfully exploiting this vulnerability?

An attacker who successfully exploited this vulnerability could alter the results of a custom compliance script, bypassing compliance checks enforced by these scripts.
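The window described above (script written to temporary storage, then changed before it runs) is a time-of-check/time-of-use gap. The following is an added illustration, not Microsoft's code and not a description of how Intune stages or runs scripts: it contrasts executing a staged file by path with verifying its digest and executing the verified bytes. All function names and the sample script are constructed for the example, and it assumes the expected digest comes from a source the local user cannot change.

```python
import hashlib
import os
import subprocess
import sys
import tempfile

def stage_script(body: bytes, directory: str) -> tuple[str, str]:
    """Write a script to temporary storage; return its path and SHA-256."""
    fd, path = tempfile.mkstemp(suffix=".py", dir=directory)
    with os.fdopen(fd, "wb") as fh:
        fh.write(body)
    return path, hashlib.sha256(body).hexdigest()

def run_by_path(path: str) -> str:
    """Weak pattern: executes whatever the file holds at run time."""
    done = subprocess.run([sys.executable, path], capture_output=True, check=True)
    return done.stdout.decode().strip()

def run_verified(path: str, expected_sha256: str) -> str:
    """Hardened pattern: hash the staged bytes, then execute those same bytes."""
    with open(path, "rb") as fh:
        body = fh.read()
    if hashlib.sha256(body).hexdigest() != expected_sha256:
        raise ValueError("staged script changed after it was written")
    # Feed the verified bytes on stdin so a later edit of the file is never read.
    done = subprocess.run([sys.executable, "-"], input=body,
                          capture_output=True, check=True)
    return done.stdout.decode().strip()

def demo() -> dict:
    original = b'print("noncompliant")\n'      # constructed sample check
    with tempfile.TemporaryDirectory() as tmp:
        path, digest = stage_script(original, tmp)
        clean = run_verified(path, digest)      # untouched file runs normally
        with open(path, "wb") as fh:            # local edit inside the window
            fh.write(b'print("compliant")\n')
        weak = run_by_path(path)                # reports the altered result
        try:
            run_verified(path, digest)
            blocked = False
        except ValueError:
            blocked = True                      # digest mismatch is rejected
    return {"clean": clean, "weak": weak, "blocked": blocked}

if __name__ == "__main__":
    print(demo())
```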
<a href="https://reinom.com/">Xenos</a> with <a href="https://preligens.com/">Preligens</a>