gsd-2021-26899
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
Windows UPnP Device Host Elevation of Privilege Vulnerability
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-26899",
"description": "Windows UPnP Device Host Elevation of Privilege Vulnerability",
"id": "GSD-2021-26899"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-26899"
],
"details": "Windows UPnP Device Host Elevation of Privilege Vulnerability",
"id": "GSD-2021-26899",
"modified": "2023-12-13T01:23:33.241872Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2021-26899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows 10 Version 1803",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "publication"
}
]
}
},
{
"product_name": "Windows 10 Version 1809",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "publication"
}
]
}
},
{
"product_name": "Windows Server 2019",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "publication"
}
]
}
},
{
"product_name": "Windows Server 2019 (Server Core installation)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "publication"
}
]
}
},
{
"product_name": "Windows 10 Version 1909",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "publication"
}
]
}
},
{
"product_name": "Windows Server, version 1909 (Server Core installation)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "publication"
}
]
}
},
{
"product_name": "Windows 10 Version 2004",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "publication"
}
]
}
},
{
"product_name": "Windows Server version 2004",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "publication"
}
]
}
},
{
"product_name": "Windows 10 Version 20H2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "publication"
}
]
}
},
{
"product_name": "Windows Server version 20H2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "publication"
}
]
}
},
{
"product_name": "Windows 10 Version 1507",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "publication"
}
]
}
},
{
"product_name": "Windows 10 Version 1607",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "publication"
}
]
}
},
{
"product_name": "Windows Server 2016",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "publication"
}
]
}
},
{
"product_name": "Windows Server 2016 (Server Core installation)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "publication"
}
]
}
},
{
"product_name": "Windows 7",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.1.0",
"version_value": "publication"
}
]
}
},
{
"product_name": "Windows 7 Service Pack 1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.1.0",
"version_value": "publication"
}
]
}
},
{
"product_name": "Windows 8.1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.3.0",
"version_value": "publication"
}
]
}
},
{
"product_name": "Windows Server 2008 Service Pack 2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.0.0",
"version_value": "publication"
}
]
}
},
{
"product_name": "Windows Server 2008 Service Pack 2 (Server Core installation)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.0.0",
"version_value": "publication"
}
]
}
},
{
"product_name": "Windows Server 2008 Service Pack 2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.0.0",
"version_value": "publication"
}
]
}
},
{
"product_name": "Windows Server 2008 R2 Service Pack 1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.1.0",
"version_value": "publication"
}
]
}
},
{
"product_name": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.0.0",
"version_value": "publication"
}
]
}
},
{
"product_name": "Windows Server 2012",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.2.0",
"version_value": "publication"
}
]
}
},
{
"product_name": "Windows Server 2012 (Server Core installation)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.2.0",
"version_value": "publication"
}
]
}
},
{
"product_name": "Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.3.0",
"version_value": "publication"
}
]
}
},
{
"product_name": "Windows Server 2012 R2 (Server Core installation)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.3.0",
"version_value": "publication"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Windows UPnP Device Host Elevation of Privilege Vulnerability"
}
]
},
"impact": {
"cvss": [
{
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26899",
"refsource": "MISC",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26899"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*",
"matchCriteriaId": "084984D5-D241-497B-B118-50C6C1EAD468",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*",
"matchCriteriaId": "BA592626-F17C-4F46-823B-0947D102BBD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:-:*",
"matchCriteriaId": "EBBC793C-D584-46DA-BCD1-2844810152B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*",
"matchCriteriaId": "897A48D7-FCA1-4560-AFBB-718AF19BA3A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*",
"matchCriteriaId": "507EB48C-F479-424C-8ABA-C279AB4FE3F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:-:*",
"matchCriteriaId": "4503B88E-3ECB-4B0A-A813-077157D1EF0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:-:*",
"matchCriteriaId": "DBE7565D-AC25-4017-B2E4-4B463D7680DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:-:*",
"matchCriteriaId": "6EE4C8CA-0351-499C-9E59-D31CEA7BC7B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:x64:*",
"matchCriteriaId": "85A7C1C6-7390-4B26-8FED-F067EC3DF1A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:-:*:x86:*",
"matchCriteriaId": "2E91BCB5-D0F7-4D53-BC85-D114C2D87A9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:x64:*",
"matchCriteriaId": "9D654D3A-6A99-4904-8B37-E52E80F7C85A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:-:*:x86:*",
"matchCriteriaId": "01A6D6B4-B97F-4C8C-AD09-11454F0A39CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:*:*:*",
"matchCriteriaId": "66CAFDB7-9D41-4E67-AB83-5EB104551FF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:sp2:*:*:*:*:x86:*:*",
"matchCriteriaId": "DC633D8A-2E7A-4115-95AC-555C42F4942D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:-:*:-:*",
"matchCriteriaId": "44A1A867-3DAC-4C42-A091-E07B6672EE6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*",
"matchCriteriaId": "4A190388-AA82-4504-9D5A-624F23268C9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*",
"matchCriteriaId": "C253A63F-03AB-41CB-A03A-B2674DEA98AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*",
"matchCriteriaId": "0B60D940-80C7-49F0-8F4E-3F99AC15FA82",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Windows UPnP Device Host Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Una Vulnerabilidad de Elevaci\u00f3n de Privilegios de UPnP Device Host de Windows"
}
],
"id": "CVE-2021-26899",
"lastModified": "2023-12-29T20:15:57.600",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2021-03-11T16:15:16.503",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26899"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
Loading...