CVE-2021-36955

EUVD-2021-23531
Windows Common Log File System Driver Elevation of Privilege Vulnerability
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
microsoftCNA
7.8 HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
Affected Products (NVD)
VendorProductVersion
microsoftwindows_10_1507
𝑥
< 10.0.10240.19060
microsoftwindows_10_1607
𝑥
< 10.0.14393.4651
microsoftwindows_10_1809
𝑥
< 10.0.17763.2183
microsoftwindows_10_1909
𝑥
< 10.0.18363.1801
microsoftwindows_10_2004
𝑥
< 10.0.19041.1237
microsoftwindows_10_20h2
𝑥
< 10.0.19042.1237
microsoftwindows_10_21h1
𝑥
< 10.0.19043.1237
microsoftwindows_7
-
microsoftwindows_8.1
-
microsoftwindows_rt_8.1
-
microsoftwindows_server_2004
𝑥
< 10.0.19041.1237
microsoftwindows_server_2008
-
microsoftwindows_server_2012
-
microsoftwindows_server_2012
-
microsoftwindows_server_2016
𝑥
< 10.0.14393.4651
microsoftwindows_server_2019
𝑥
< 10.0.17763.2183
microsoftwindows_server_2022
𝑥
< 10.0.20348.230
microsoftwindows_server_20h2
𝑥
< 10.0.19042.1237
𝑥
= Vulnerable software versions
Windows Releases
Platform
Version
Windows 10
(x64, x86)
KB5005569
1607 (x64, x86)
KB5005573
1809 (arm64, x64, x86)
KB5005568
1909 (arm64, x64, x86)
KB5005566
2004 (arm64, x64, x86)
KB5005565
20H2 (arm64, x64, x86)
KB5005565
21H1 (arm64, x64, x86)
KB5005565
Windows 7
Service Pack 1 (x64, x86)
KB5005633
Windows 8.1
(x64, x86)
KB5005627
Windows RT 8.1
All
KB5005613
Windows Server
2004 Server Core
KB5005565
20H2 Server Core
KB5005565
Windows Server 2008
Service Pack 2 (x64, x86)
KB5005618
Service Pack 2 Server Core (x64, x86)
KB5005618
Windows Server 2008 R2
Service Pack 1 (x64)
KB5005633
Service Pack 1 Server Core (x64)
KB5005633
Windows Server 2012
Server Core
KB5005623
Standard
KB5005623
Windows Server 2012 R2
Server Core
KB5005627
Standard
KB5005627
Windows Server 2016
Server Core
KB5005573
Standard
KB5005573
Windows Server 2019
Server Core
KB5005568
Standard
KB5005568
Windows Server 2022
Server Core
KB5005575
Standard
KB5005575
References
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36955
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36955
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-36955