CVE-2021-31958

Опубликовано: 08 июн. 2021

Источник: msrc

CVSS3: 7.5

EPSS Низкий

Описание

Windows NTLM Elevation of Privilege Vulnerability

FAQ

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?

This vulnerability requires that a user with an affected version of Windows access a malicious server. An attacker would have to host a specially crafted server share or website. An attacker would have no way to force users to visit this specially crafted server share or website, but would have to convince them to visit the server share or website, typically by way of an enticement in an email or chat message.

Обновления

Продукт	Статья	Обновление
Windows Server 2008 for 32-bit Systems Service Pack 2	5003661 5003695	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2	5003661 5003695	Monthly Rollup Security Only
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)	5003661 5003695	Monthly Rollup Security Only
Windows 7 for 32-bit Systems Service Pack 1	5003667 5003694	Monthly Rollup Security Only
Windows 7 for x64-based Systems Service Pack 1	5003667 5003694	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)	5003667 5003694	Monthly Rollup Security Only
Windows Server 2008 R2 for x64-based Systems Service Pack 1	5003667 5003694	Monthly Rollup Security Only
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)	5003661 5003695	Monthly Rollup Security Only
Windows Server 2012	5003697 5003696	Monthly Rollup Security Only
Windows Server 2012 (Server Core installation)	5003697 5003696	Monthly Rollup Security Only

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

Older Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 83%

0.01935

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2021-31958

CVSS3: 7.5

nvd

около 4 лет назад

Windows NTLM Elevation of Privilege Vulnerability

GHSA-2c92-7r7g-hm5v

CVSS3: 8.8

github

около 3 лет назад

Windows NTLM Elevation of Privilege Vulnerability

BDU:2021-03081

CVSS3: 9.8

fstec

около 4 лет назад

Уязвимость протокола сетевой аутентификации NT LAN Manager (NTLM) операционной системы Windows, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 83%

0.01935

Низкий

7.5 High

CVSS3