CVE-2021-28310 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
microsoft	CNA	7.8 HIGH				CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 96%

Affected Products (NVD)

Vendor	Product	Version
microsoft	windows_10_1803	-
microsoft	windows_10_1809	-
microsoft	windows_10_1909	-
microsoft	windows_10_2004	-
microsoft	windows_10_20h2	-
microsoft	windows_server_1909	-
microsoft	windows_server_2004	-
microsoft	windows_server_2019	-
microsoft	windows_server_20h2	-

𝑥

= Vulnerable software versions

Windows Releases

Platform

Version

Windows 10

1803 (arm64, x64, x86)	KB5001339
1809 (arm64, x64, x86)	KB5001342
1909 (arm64, x64, x86)	KB5001337
2004 (arm64, x64, x86)	KB5001330
20H2 (arm64, x64, x86)	KB5001330

Windows Server

1909 Server Core	KB5001337
2004 Server Core	KB5001330
20H2 Server Core	KB5001330

Windows Server 2019

Server Core	KB5001342
Standard	KB5001342

Common Weakness Enumeration

CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28310

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28310

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-28310