CVE-2021-41363
Published 2021-10-13
CVE-2021-41363: Intune Management Extension Security Feature Bypass Vulnerability
Priority: P4 · 28 · medium · 6.7 (CVSS 3.1)
AV:L / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.43% (34.1th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | intune_management_extension | >= 1.0.0.0 < 1.45.204.0 | 1.45.204.0 |
| msrc | intune_management_extension | — | — |
CVSS provenance
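| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.7 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 4.4 | MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P |
| vendor_msrc | — | 4.2 | MEDIUM | — |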
Microsoft
Intune Management Extension Security Feature Bypass Vulnerability
vendor_msrc·2021-10-12·CVSS 4.2
CVE-2021-41363 [MEDIUM] Intune Management Extension Security Feature Bypass Vulnerability
FAQ: Are there any pre-requisites for this vulnerability to be exploited in Intune Management Extension?
This vulnerability only exists when Intune Management Extension is enabled as managed installer. Enabling IME as managed installer requires local administrator privileges.
What should I do to protect myself from this vulnerability?
No action is required. As soon as the client connects to the service, it automatically receives a message to update.
Microsoft Intune: Microsoft Intune
Microsoft: Microsoft
Impact: Security Feature Bypass
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely; Older Software Release: Exploitation Less Likely; DOS: N/A
Remediation: What's New?
GHSA
GHSA-r4xw-hxh4-wmmq: Intune Management Extension Security Feature Bypass Vulnerability
ghsa_unreviewed·2022-05-24
CVE-2021-41363 [MEDIUM] GHSA-r4xw-hxh4-wmmq: Intune Management Extension Security Feature Bypass Vulnerability
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.