Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability

2023-01-1008:00:00

Microsoft

msrc.microsoft.com

windows

smart card

resource management

server

security

feature bypass

vulnerability

microsoft

CVSS3

3.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

EPSS

Percentile

12.8%

JSON

Affected configurations

Vulners

Node

microsoftwindows_10_20h2Range<10.0.19042.2486

microsoftwindows_10_21h2Range<10.0.19044.2486

microsoftwindows_11_21h2Range<10.0.22000.1455

microsoftwindows_server_2022Range<10.0.20348.1487

microsoftwindows_11_22h2Range<10.0.22621.1105

microsoftwindows_10_22h2Range<10.0.19045.2486

microsoftwindows_11_22h2Range<10.0.22621.1105

microsoftwindows_10_22h2Range<10.0.19045.2486

VendorProductVersionCPE
microsoftwindows_10_20h2*cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*
microsoftwindows_10_21h2*cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*
microsoftwindows_11_21h2*cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*
microsoftwindows_server_2022*cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
microsoftwindows_11_22h2*cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*
microsoftwindows_10_22h2*cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows_10_20h2	*	cpe:2.3:o:microsoft:windows_10_20h2::::::::
microsoft	windows_10_21h2	*	cpe:2.3:o:microsoft:windows_10_21h2::::::::
microsoft	windows_11_21h2	*	cpe:2.3:o:microsoft:windows_11_21h2::::::::
microsoft	windows_server_2022	*	cpe:2.3:o:microsoft:windows_server_2022::::::::
microsoft	windows_11_22h2	*	cpe:2.3:o:microsoft:windows_11_22h2::::::::
microsoft	windows_10_22h2	*	cpe:2.3:o:microsoft:windows_10_22h2::::::::