CVE-2021-42279 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.2 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
microsoft	windows_10	-
microsoft	windows_11	-
microsoft	windows_11	-
microsoft	windows_server_2016	-
microsoft	windows_server_2019	-
microsoft	windows_server_2022	-

𝑥

= Vulnerable software versions

Windows Releases

Platform

Version

Windows 10

(x64, x86)	KB5007207
1607 (x64, x86)	KB5007192
1809 (arm64, x64, x86)	KB5007206
1909 (arm64, x64, x86)	KB5007189
2004 (arm64, x64, x86)	KB5007186
20H2 (arm64, x86)	KB5007186
21H1 (arm64, x64, x86)	KB5007186

Windows 11

21H2 (arm64, x64)

Windows Server

2004 Server Core	KB5007186
20H2 Server Core	KB5007186

Windows Server 2016

Standard

Windows Server 2019

Standard

Windows Server 2022

Standard

Common Weakness Enumeration

CWE-787 - Out-of-bounds Write
The software writes data past the end, or before the beginning, of the intended buffer.

References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42279

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42279