CVE-2021-26431

EUVD-2021-13236
Windows Recovery Environment Agent Elevation of Privilege Vulnerability
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
microsoftCNA
7.8 HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Windows Releases
Platform
Version
Windows 10
2004 (arm64, x64, x86)
KB5005033
20H2 (arm64, x64, x86)
KB5005033
21H1 (arm64, x64, x86)
KB5005033
Windows Server
2004 Server Core
KB5005033
20H2 Server Core
KB5005033
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26431
https://www.zerodayinitiative.com/advisories/ZDI-21-1053/
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26431
https://www.zerodayinitiative.com/advisories/ZDI-21-1053/