CVE-2021-31958high
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
Windows NTLM Elevation of Privilege Vulnerability
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31958
Details
Source: MITRE
Published: 2021-06-08
Updated: 2021-06-14
Type: CWE-269
Risk Information
CVSS v2
Base Score: 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3
Base Score: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 2.8
Severity: HIGH
Vulnerable Software
Configuration 1
OR
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 150374 | KB5003646: Windows 10 version 1809 / Windows Server 2019 Security Update (June 2021) | Nessus | Windows : Microsoft Bulletins | high |
| 150370 | KB5003637: Windows 10 version 2004 / Windows 10 version 20H2 / Windows 10 version 21H1 Security Update (June 2021) | Nessus | Windows : Microsoft Bulletins | high |
| 150369 | KB5003635: Windows 10 version 1909 Security Update (June 2021) | Nessus | Windows : Microsoft Bulletins | high |
| 150368 | KB5003694: Windows Server 2008 R2 Security Update (June 2021) | Nessus | Windows : Microsoft Bulletins | high |
| 150367 | KB5003638: Windows 10 version 1607 / Windows Server 2016 Security Update (June 2021) | Nessus | Windows : Microsoft Bulletins | high |
| 150363 | KB5003697: Windows Server 2012 Security Update (June 2021) | Nessus | Windows : Microsoft Bulletins | high |
| 150357 | KB5003695: Windows Server 2008 Security Update (June 2021) | Nessus | Windows : Microsoft Bulletins | high |
| 150354 | KB5003681: Windows Server 2012 R2 Security Update (June 2021) | Nessus | Windows : Microsoft Bulletins | high |
| 150353 | KB5003687: Windows 10 version 1507 LTS Security Update (June 2021) | Nessus | Windows : Microsoft Bulletins | high |