CVE-2021-36955

Published Sep 15, 2021

Last updated 7 months ago

Exploit known CVSS high 7.8

C++

Overview

Description: Windows Common Log File System Driver Elevation of Privilege Vulnerability
Source: secure@microsoft.com
NVD status: Analyzed
Products: windows_10_1507, windows_10_1607, windows_10_1809, windows_10_1909, windows_10_2004, windows_10_20h2, windows_10_21h1, windows_7, windows_8.1, windows_rt_8.1, windows_server_2004, windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019, windows_server_2022, windows_server_20h2

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 4.6
Impact score: 6.4
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:P/A:P

Known exploits

Data from CISA

Vulnerability name: Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
Exploit added on: Nov 3, 2021
Exploit action due: Nov 17, 2021
Required action: Apply updates per vendor instructions.

Weaknesses

nvd@nist.gov: NVD-CWE-noinfo

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "C1658517-428C-4FAF-8EEE-3FD68557AAD1",
            "versionEndExcluding": "10.0.10240.19060",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "4BF6C51E-7240-457D-A36C-5494AEE41AB1",
            "versionEndExcluding": "10.0.14393.4651",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "1673EF18-FB21-450C-B75D-89279B6779FA",
            "versionEndExcluding": "10.0.17763.2183",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "F3F77B0B-2A62-4E21-B042-BB86ABA68BE3",
            "versionEndExcluding": "10.0.18363.1801",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_2004:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "F4E719E7-7D50-49F6-ABD4-77B1F7ECC68C",
            "versionEndExcluding": "10.0.19041.1237",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "71B3072F-0DB3-4C23-AD96-62BF71345E61",
            "versionEndExcluding": "10.0.19042.1237",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "CB038EC1-8E36-48C1-8E2E-3B8B6585D25E",
            "versionEndExcluding": "10.0.19043.1237",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:-:*",
            "matchCriteriaId": "DCF7181C-41D5-46E6-8812-10A51CB208A6",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:-:*",
            "matchCriteriaId": "48032169-A0ED-4D24-85BE-D1FE1EEF9460",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "046119DC-43BF-4077-9721-12E2EFD7F492",
            "versionEndExcluding": "10.0.19041.1237",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
            "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
            "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
            "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:r2:*:*:*:*:*:*",
            "matchCriteriaId": "5F2558DF-2D1F-46BA-ABF1-08522D33268E",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "EAF9D18C-B459-48F2-8451-20E7B04EAD36",
            "versionEndExcluding": "10.0.14393.4651",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "8867C828-131C-466E-9A35-80184659D540",
            "versionEndExcluding": "10.0.17763.2183",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "0663409D-4AE8-4BD9-85FE-9EAED15AE9DB",
            "versionEndExcluding": "10.0.20348.230",
            "vulnerable": true
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_20h2:*:*:*:*:*:*:*:*",
            "matchCriteriaId": "292B87C7-3AC9-48FF-91D7-21D6D74C84A9",
            "versionEndExcluding": "10.0.19042.1237",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Known exploits

Weaknesses

Social media

Configurations

Related CVEs

References