CVE-2022-35797
Published on: Not Yet Published
Last Modified on: 05/31/2023 07:15:00 PM UTC
Certain versions of Windows 10 from Microsoft contain the following vulnerability:
Windows Hello Security Feature Bypass Vulnerability
- CVE-2022-35797 has been assigned by
secur[email protected] to track the vulnerability - currently rated as MEDIUM severity. - Affected Vendor/Software: Microsoft - Windows 10 Version 1809 version < 10.0.17763.3287
- Affected Vendor/Software: Microsoft - Windows 10 Version 21H1 version < 10.0.19043.1889
- Affected Vendor/Software: Microsoft - Windows 10 Version 20H2 version < 10.0.19042.1889
- Affected Vendor/Software: Microsoft - Windows 11 version 21H2 version < 10.0.22000.856
- Affected Vendor/Software: Microsoft - Windows 10 Version 21H2 version < 10.0.19044.1889
CVSS3 Score: 6.1 - MEDIUM
| Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
|---|---|---|---|
| PHYSICAL | LOW | NONE | NONE |
| Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
| UNCHANGED | HIGH | HIGH | NONE |
CVE References
| Description | Tags ⓘ | Link |
|---|---|---|
| Security Update Guide - Microsoft Security Response Center | msrc.microsoft.com text/html |
MISC msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35797 |
| Security Update Guide - Microsoft Security Response Center | portal.msrc.microsoft.com text/html |
N/A N/A |
Related QID Numbers
- 91931 Microsoft Windows Security Update for August 2022
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Microsoft | Windows 10 | 1809 | All | All | All |
| Operating System | Microsoft | Windows 10 | 1809 | All | All | All |
| Operating System | Microsoft | Windows 10 | 1809 | All | All | All |
| Operating System | Microsoft | Windows 10 | 20h2 | All | All | All |
| Operating System | Microsoft | Windows 10 | 20h2 | All | All | All |
| Operating System | Microsoft | Windows 10 | 20h2 | All | All | All |
| Operating System | Microsoft | Windows 10 | 21h1 | All | All | All |
| Operating System | Microsoft | Windows 10 | 21h1 | All | All | All |
| Operating System | Microsoft | Windows 10 | 21h1 | All | All | All |
| Operating System | Microsoft | Windows 10 | 21h2 | All | All | All |
| Operating System | Microsoft | Windows 10 | 21h2 | All | All | All |
| Operating System | Microsoft | Windows 10 | 21h2 | All | All | All |
| Operating System | Microsoft | Windows 11 | - | All | All | All |
| Operating System | Microsoft | Windows 11 | - | All | All | All |
- cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*:
- cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*:
- cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*:
- cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*:
- cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*:
- cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*:
- cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*:
- cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*:
- cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*:
- cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*:
- cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*:
- cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*:
- cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*:
- cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*:
No vendor comments have been submitted for this CVE
Social Mentions
| Source | Title | Posted (UTC) |
|---|---|---|
 @CVEreport |
CVE-2022-35797 : #Windows Hello Security Feature Bypass Vulnerability.... cve.report/CVE-2022-35797 | 2022-08-09 20:42:23 |
| @threatmeter |
CVE-2022-35797 | Microsoft Windows 10 20H2/10 21H1/10 21H2/10 1809/11 Hello Security Local Privilege Escalation A v… twitter.com/i/web/status/1… | 2022-08-10 07:50:21 |
| @ColorTokensInc |
Emerging Vulnerability Found CVE-2022-35797 - Windows Hello Security Feature Bypass Vulnerability. See xcloud.spectrum.colortokens.com/cve/CVE-2022-3… | 2022-08-15 15:42:15 |