CVE-2024-30059: CWE-284: Improper Access Control in Microsoft Intune Mobile Application Management

Medium
Published: Tue May 14 2024 (05/14/2024, 16:57:17 UTC)
Source: CVE
Vendor/Project: Microsoft
Product: Microsoft Intune Mobile Application Management

Description

Microsoft Intune for Android Mobile Application Management Tampering Vulnerability

AI-Powered Analysis

AI analysis last updated: 06/26/2025, 04:29:45 UTC

Technical Analysis

CVE-2024-30059 is a vulnerability classified under CWE-284 (Improper Access Control) affecting Microsoft Intune Mobile Application Management (MAM) for Android, specifically version 1.0. The flaw allows a user with low privileges to tamper with the mobile application management controls that Intune enforces on managed Android devices. It stems from improper access control mechanisms within the Intune MAM implementation, potentially allowing unauthorized access to or manipulation of managed application policies or data, which could lead to exposure of sensitive corporate information or bypass of security controls enforced by Intune on Android devices.

The vulnerability does not require user interaction and is exploited locally (AV:L): the attacker must have local access to the device but needs no more than low-level permissions. The confidentiality impact is high (C:H), integrity is not affected (I:N), and the availability impact is low (A:L). The scope is unchanged (S:U), meaning the vulnerability affects only the vulnerable component and not other components. Exploit code maturity is rated high (E:H), suggesting that once local access is obtained, exploitation is straightforward. The CVSS 3.1 base score is 6.1, categorized as medium severity. No known exploits are currently reported in the wild.

Potential Impact

For European organizations, this vulnerability poses a moderate risk primarily to confidentiality of corporate data managed via Microsoft Intune on Android devices. Since Intune is widely used for mobile device and application management in enterprises, especially those with Bring Your Own Device (BYOD) policies, exploitation could allow attackers with local device access to bypass management policies, extract sensitive data, or tamper with application configurations. This could lead to data leakage, violation of compliance requirements such as GDPR, and potential lateral movement within corporate networks if attackers leverage compromised devices. The limited impact on integrity and availability reduces the risk of direct disruption or data manipulation, but confidentiality breaches alone can have significant regulatory and reputational consequences. The requirement for local access and low privileges means that attackers would likely need physical access or prior compromise of the device, limiting remote exploitation but increasing risk in scenarios of lost or stolen devices or insider threats.

Mitigation Recommendations

1. Ensure all Android devices managed by Microsoft Intune are updated to versions beyond 1.0 where this vulnerability is addressed, as soon as patches become available.
2. Enforce strong device access controls such as biometric or PIN authentication to reduce risk from local attackers.
3. Implement strict device enrollment and compliance policies within Intune to detect and remediate tampering attempts.
4. Use conditional access policies to restrict access to sensitive corporate resources from devices that do not meet compliance standards.
5. Educate users on the risks of device loss and encourage immediate reporting and remote wipe capabilities.
6. Monitor device logs and Intune management alerts for unusual activity indicative of tampering or policy bypass attempts.
7. Consider additional endpoint protection solutions that can detect unauthorized changes to mobile application management configurations.

These steps go beyond generic patching advice by emphasizing layered security controls, user awareness, and proactive monitoring tailored to the specific nature of this vulnerability.

Technical Details

Data Version: 5.1
Assigner Short Name: microsoft
Date Reserved: 2024-03-22T23:12:14.565Z
CISA Enriched: true
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 682d9837c4522896dcbeb783

Added to database: 5/21/2025, 9:09:11 AM

Last enriched: 6/26/2025, 4:29:45 AM

Last updated: 8/15/2025, 6:53:13 AM
