CVE-2021-1675

high

Description

Windows Print Spooler Remote Code Execution Vulnerability

From the Tenable Blog

CVE-2021-1675: Proof-of-Concept Leaked for Critical Windows Print Spooler Vulnerability
CVE-2021-1675: Proof-of-Concept Leaked for Critical Windows Print Spooler Vulnerability

Published: 2021-06-29

Researchers published and deleted proof-of-concept code for a remote code execution vulnerability in Windows Print Spooler, called PrintNightmare, though the PoC is likely still available. Update July 2: The Background, Analysis and Solution sections have been updated with new information for CVE-2021-34527 issued by Microsoft on July 1. No patch has yet been released for the new CVE, but additional information and mitigation options are offered in the advisory.

References

Details

Source: Mitre, NVD

Published: 2021-06-08

Updated: 2024-11-21

Named Vulnerability: PrintNightmareKnown Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.94349