var-202106-0639
Vulnerability from variot
Windows Print Spooler Remote Code Execution Vulnerability. The Microsoft Windows Print Spooler service fails to restrict access to functionality that allows users to add printers and related drivers, which can allow a remote authenticated attacker to execute arbitrary code with SYSTEM privileges on a vulnerable system.CVE-2021-1675 Affected CVE-2021-34527 AffectedCVE-2021-1675 Affected CVE-2021-34527 Affected. Attackers can use this vulnerability to elevate permissions. Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统. Windows Print Spooler Components存在安全漏洞。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows 10 Version 1909 for 32-bit Systems,Windows 10 Version 1909 for x64-based Systems,Windows Server, version 20H2 (Server Core Installation),Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows 10 Version 2004 for 32-bit Systems,Windows 10 Version 2004 for ARM64-based Systems,Windows 10 Version 2004 for x64-based Systems,Windows 7 for 32-bit Systems Service Pack 1,Windows 7 for x64-based Systems Service Pack 1,Windows 8.1 for 32-bit systems,Windows 8.1 for x64-based systems,Windows 10 Version 21H1 for x64-based Systems,Windows 10 Version 21H1 for ARM64-based Systems,Windows Server, version 2004 (Server Core installation),Windows 10 Version 20H2 for x64-based Systems,Windows 10 Version 21H1 for 32-bit Systems,Windows 10 Version 20H2 for 32-bit Systems,Windows 10 Version 20H2 for ARM64-based Systems,Windows 10 Version 1909 for ARM64-based Systems,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation),Windows RT 8.1,Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202106-0639", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1809" }, { "model": "windows 8.1", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "windows 7", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "windows server 2012", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1607" }, { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "20h2" }, { "model": "windows server 2008", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "2004" }, { "model": "windows server 2008", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "r2" }, { "model": "windows server 2012", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "r2" }, { "model": "windows server 2016", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "1909" }, { "model": "windows server 2019", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "windows rt 8.1", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": null }, { "model": "windows 10", "scope": "eq", "trust": 1.0, "vendor": "microsoft", "version": "21h1" }, { "model": "microsoft windows rt 8.1", "scope": null, "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": null }, { "model": "microsoft windows server", "scope": "eq", "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": "2012 r2" }, { "model": "microsoft windows server", "scope": "eq", "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": "20h2 (server core installation)" }, { "model": "microsoft windows server", "scope": "eq", "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": "2019" }, { "model": "microsoft windows server", "scope": "eq", "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": "2019 (server core installation)" }, { "model": "microsoft windows 7", "scope": null, "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": null }, { "model": "microsoft windows server 2008", "scope": null, "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": null }, { "model": "microsoft windows server 2016", "scope": null, "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": null }, { "model": "microsoft windows server 2019", "scope": "eq", "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": "(server core installation)" }, { "model": "microsoft windows server 2012", "scope": null, "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": null }, { "model": "microsoft windows server", "scope": "eq", "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": "2008 r2 for x64-based systems sp1" }, { "model": "microsoft windows server", "scope": "eq", "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": "2008 for x64-based systems sp2" }, { "model": "microsoft windows server", "scope": "eq", "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": "2008 r2 for x64-based systems sp1 (server core installation)" }, { "model": "microsoft windows 8.1", "scope": null, "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": null }, { "model": "microsoft windows server", "scope": "eq", "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": "2016" }, { "model": "microsoft windows 10", "scope": null, "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": null }, { "model": "microsoft windows server", "scope": "eq", "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": "2008 for 32-bit systems sp2 (server core installation)" }, { "model": "microsoft windows server 2019", "scope": "eq", "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": null }, { "model": "microsoft windows server", "scope": "eq", "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": "2012 (server core installation)" }, { "model": "microsoft windows server", "scope": "eq", "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": "2004 (server core installation)" }, { "model": "microsoft windows server", "scope": "eq", "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": "2008 for x64-based systems sp2 (server core installation)" }, { "model": "microsoft windows server", "scope": "eq", "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": "2016 (server core installation)" }, { "model": "microsoft windows server", "scope": "eq", "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": "2012 r2 (server core installation)" }, { "model": "microsoft windows server", "scope": "eq", "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": "2012" }, { "model": "microsoft windows server", "scope": "eq", "trust": 0.8, "vendor": "\u30de\u30a4\u30af\u30ed\u30bd\u30d5\u30c8", "version": "2008 for 32-bit systems sp2" }, { "model": "windows rt", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "8.1" }, { "model": "windows server", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "2012" }, { "model": "windows server", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "2016" }, { "model": "windows server r2", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "2012" }, { "model": "windows for x64-based systems sp1", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "7" }, { "model": "windows for 32-bit systems sp1", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "7" }, { "model": "windows for 32-bit systems", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "10" }, { "model": "windows server", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "2019" }, { "model": "windows server 20h2 (server core insta", "scope": null, "trust": 0.6, "vendor": "microsoft", "version": null }, { "model": "windows server (server core insta", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "2004" }, { "model": "windows server r2 (server core in", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "2012" }, { "model": "windows server (server core insta", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "2012" }, { "model": "windows server (server core insta", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "2016" }, { "model": "windows server (server core insta", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "2019" }, { "model": "windows 21h1 for x64-based systems", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "10" }, { "model": "windows for x64-based systems", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "101607" }, { "model": "windows for x64-based systems", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "101909" }, { "model": "windows for x64-based systems", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "10" }, { "model": "windows 20h2 for x64-based systems", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "10" }, { "model": "windows for x64-based systems", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "102004" }, { "model": "windows for 32-bit systems", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "102004" }, { "model": "windows 21h1 for 32-bit systems", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "10" }, { "model": "windows 20h2 for 32-bit systems", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "10" }, { "model": "windows for x64-based systems", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "8.1" }, { "model": "windows 20h2 for arm64-based systems", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "10" }, { "model": "windows for 32-bit systems", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "101909" }, { "model": "windows for 32-bit systems", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "101607" }, { "model": "windows server for x64-based syst", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "2008" }, { "model": "windows for arm64-based systems", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "101909" }, { "model": "windows for 32-bit systems", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "8.1" }, { "model": "windows server r2 for x64-based s", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "2008" }, { "model": "windows server for 32-bit systems", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "2008" }, { "model": "windows 21h1 for arm64-based systems", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "10" }, { "model": "windows for arm64-based systems", "scope": "eq", "trust": 0.6, "vendor": "microsoft", "version": "102004" } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-48427" }, { "db": "JVNDB", "id": "JVNDB-2021-001920" }, { "db": "NVD", "id": "CVE-2021-1675" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-1675" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This document was written by Will Dormann.We have not received a statement from the vendor.", "sources": [ { "db": "CERT/CC", "id": "VU#383432" } ], "trust": 0.8 }, "cve": "CVE-2021-1675", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.8, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-1675", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "CNVD", "availabilityImpact": "PARTIAL", "baseScore": 9.7, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CNVD-2021-48427", "impactScore": 9.5, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.6, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2021-1675", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "LOW", "attackVector": "LOCAL", "author": "secure@microsoft.com", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Local", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.8, "baseSeverity": "High", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-1675", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "Required", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-1675", "trust": 1.8, "value": "HIGH" }, { "author": "secure@microsoft.com", "id": "CVE-2021-1675", "trust": 1.0, "value": "HIGH" }, { "author": "CNVD", "id": "CNVD-2021-48427", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202106-513", "trust": 0.6, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2021-1675", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-48427" }, { "db": "VULMON", "id": "CVE-2021-1675" }, { "db": "JVNDB", "id": "JVNDB-2021-001920" }, { "db": "NVD", "id": "CVE-2021-1675" }, { "db": "NVD", "id": "CVE-2021-1675" }, { "db": "CNNVD", "id": "CNNVD-202106-513" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Windows Print Spooler Remote Code Execution Vulnerability. The Microsoft Windows Print Spooler service fails to restrict access to functionality that allows users to add printers and related drivers, which can allow a remote authenticated attacker to execute arbitrary code with SYSTEM privileges on a vulnerable system.CVE-2021-1675 Affected\nCVE-2021-34527 AffectedCVE-2021-1675 Affected\nCVE-2021-34527 Affected. Attackers can use this vulnerability to elevate permissions. Microsoft Windows\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e2a\u4eba\u8bbe\u5907\u4f7f\u7528\u7684\u64cd\u4f5c\u7cfb\u7edf. \nWindows Print Spooler Components\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u4ee5\u4e0b\u4ea7\u54c1\u548c\u7248\u672c\u53d7\u5230\u5f71\u54cd\uff1aWindows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows 10 Version 1909 for 32-bit Systems,Windows 10 Version 1909 for x64-based Systems,Windows Server, version 20H2 (Server Core Installation),Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows 10 Version 2004 for 32-bit Systems,Windows 10 Version 2004 for ARM64-based Systems,Windows 10 Version 2004 for x64-based Systems,Windows 7 for 32-bit Systems Service Pack 1,Windows 7 for x64-based Systems Service Pack 1,Windows 8.1 for 32-bit systems,Windows 8.1 for x64-based systems,Windows 10 Version 21H1 for x64-based Systems,Windows 10 Version 21H1 for ARM64-based Systems,Windows Server, version 2004 (Server Core installation),Windows 10 Version 20H2 for x64-based Systems,Windows 10 Version 21H1 for 32-bit Systems,Windows 10 Version 20H2 for 32-bit Systems,Windows 10 Version 20H2 for ARM64-based Systems,Windows 10 Version 1909 for ARM64-based Systems,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation),Windows RT 8.1,Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements", "sources": [ { "db": "NVD", "id": "CVE-2021-1675" }, { "db": "CERT/CC", "id": "VU#383432" }, { "db": "JVNDB", "id": "JVNDB-2021-001920" }, { "db": "CNVD", "id": "CNVD-2021-48427" }, { "db": "CNNVD", "id": "CNNVD-202106-513" }, { "db": "CNNVD", "id": "CNNVD-202104-975" }, { "db": "VULMON", "id": "CVE-2021-1675" } ], "trust": 4.05 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-1675", "trust": 3.9 }, { "db": "CERT/CC", "id": "VU#383432", "trust": 3.2 }, { "db": "PACKETSTORM", "id": "163351", "trust": 1.6 }, { "db": "PACKETSTORM", "id": "167261", "trust": 1.6 }, { "db": "PACKETSTORM", "id": "163349", "trust": 1.6 }, { "db": "JVNDB", "id": "JVNDB-2021-001920", "trust": 0.8 }, { "db": "CNVD", "id": "CNVD-2021-48427", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021060813", "trust": 0.6 }, { "db": "CXSECURITY", "id": "WLB-2022050084", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202106-513", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021041363", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202104-975", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2021-1675", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#383432" }, { "db": "CNVD", "id": "CNVD-2021-48427" }, { "db": "VULMON", "id": "CVE-2021-1675" }, { "db": "JVNDB", "id": "JVNDB-2021-001920" }, { "db": "NVD", "id": "CVE-2021-1675" }, { "db": "CNNVD", "id": "CNNVD-202106-513" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "id": "VAR-202106-0639", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "CNVD", "id": "CNVD-2021-48427" } ], "trust": 1.6 }, "iot_taxonomy": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "category": [ "Network device" ], "sub_category": null, "trust": 0.6 } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-48427" } ] }, "last_update_date": "2023-12-18T11:12:16.516000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Windows\u00a0Print\u00a0Spooler\u00a0Remote\u00a0Code\u00a0Execution\u00a0Vulnerability Security Update Guide", "trust": 0.8, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-1675" }, { "title": "Patch for Microsoft Windows Print Spooler Privilege Escalation Vulnerability", "trust": 0.6, "url": "https://www.cnvd.org.cn/patchinfo/show/277191" }, { "title": "Windows Print Spooler Components Fixes for permissions and access control issues vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=154263" }, { "title": "Print-Nightmare-LPE", "trust": 0.1, "url": "https://github.com/gyaansastra/print-nightmare-lpe " }, { "title": "CVE-2021-1675-PrintNightmare", "trust": 0.1, "url": "https://github.com/killtr0/cve-2021-1675-printnightmare " }, { "title": "", "trust": 0.1, "url": "https://github.com/nathanealm/printnightmare-exploit " }, { "title": "docker-printernightmare", "trust": 0.1, "url": "https://github.com/real-acmkan/docker-printernightmare " }, { "title": "calebstewart-CVE-2021-1675", "trust": 0.1, "url": "https://github.com/mtthwstffrd/calebstewart-cve-2021-1675 " }, { "title": "Microsoft-CVE-2021-1675", "trust": 0.1, "url": "https://github.com/thalpius/microsoft-cve-2021-1675 " }, { "title": "CVE-2021-1675", "trust": 0.1, "url": "https://github.com/thomasgeens/cve-2021-1675 " }, { "title": "fghdgf", "trust": 0.1, "url": "https://github.com/testtesttest55555/fghdgf " }, { "title": "OSCP", "trust": 0.1, "url": "https://github.com/ciwen3/oscp " }, { "title": "CVE-2021-1675-LPE", "trust": 0.1, "url": "https://github.com/hlldz/cve-2021-1675-lpe " }, { "title": "CVE-2021-1675-Mitigation-For-Systems-That-Need-Spooler", "trust": 0.1, "url": "https://github.com/gohrenberg/cve-2021-1675-mitigation-for-systems-that-need-spooler " }, { "title": "SharpPN", "trust": 0.1, "url": "https://github.com/wra7h/sharppn_cve-2021-1675 " }, { "title": "FullstackAcademy-Printernightmare-writeup-2105-E.C.A.R.", "trust": 0.1, "url": "https://github.com/sirius-rj/fullstackacademy-printernightmare-writeup-2105-e.c.a.r. " }, { "title": "CVE-2021-1675", "trust": 0.1, "url": "https://github.com/laresllc/cve-2021-1675 " }, { "title": "SharpPN", "trust": 0.1, "url": "https://github.com/wra7h/sharppn " }, { "title": "CVE-2021-1675", "trust": 0.1, "url": "https://github.com/winter3un/cve-2021-1675 " } ], "sources": [ { "db": "CNVD", "id": "CNVD-2021-48427" }, { "db": "VULMON", "id": "CVE-2021-1675" }, { "db": "JVNDB", "id": "JVNDB-2021-001920" }, { "db": "CNNVD", "id": "CNNVD-202106-513" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 }, { "problemtype": "Improper authority management (CWE-269) [NVD Evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-001920" }, { "db": "NVD", "id": "CVE-2021-1675" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "https://www.kb.cert.org/vuls/id/383432" }, { "trust": 2.2, "url": "http://packetstormsecurity.com/files/163349/microsoft-printnightmare-proof-of-concept.html" }, { "trust": 2.2, "url": "http://packetstormsecurity.com/files/167261/print-spooler-remote-dll-injection.html" }, { "trust": 1.6, "url": "http://packetstormsecurity.com/files/163351/printnightmare-windows-spooler-service-remote-code-execution.html" }, { "trust": 1.6, "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-1675" }, { "trust": 0.8, "url": "cve-2021-1675 " }, { "trust": 0.8, "url": "cve-2021-34527 " }, { "trust": 0.8, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1675" }, { "trust": 0.8, "url": "https://www.ipa.go.jp/security/ciadr/vul/20210609-ms.html" }, { "trust": 0.8, "url": "https://www.jpcert.or.jp/at/2021/at210027.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021060813" }, { "trust": 0.6, "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-1675" }, { "trust": 0.6, "url": "https://cxsecurity.com/issue/wlb-2022050084" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/windows-privilege-escalation-via-print-spooler-rpcaddprinterdriverex-35806" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/windows-vulnerabilities-of-june-2021-35662" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363" } ], "sources": [ { "db": "CERT/CC", "id": "VU#383432" }, { "db": "JVNDB", "id": "JVNDB-2021-001920" }, { "db": "NVD", "id": "CVE-2021-1675" }, { "db": "CNNVD", "id": "CNNVD-202106-513" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#383432" }, { "db": "CNVD", "id": "CNVD-2021-48427" }, { "db": "VULMON", "id": "CVE-2021-1675" }, { "db": "JVNDB", "id": "JVNDB-2021-001920" }, { "db": "NVD", "id": "CVE-2021-1675" }, { "db": "CNNVD", "id": "CNNVD-202106-513" }, { "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-06-30T00:00:00", "db": "CERT/CC", "id": "VU#383432" }, { "date": "2021-07-07T00:00:00", "db": "CNVD", "id": "CNVD-2021-48427" }, { "date": "2021-06-08T00:00:00", "db": "VULMON", "id": "CVE-2021-1675" }, { "date": "2021-07-05T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-001920" }, { "date": "2021-06-08T23:15:08.267000", "db": "NVD", "id": "CVE-2021-1675" }, { "date": "2021-06-08T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-513" }, { "date": "2021-04-13T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-08-03T00:00:00", "db": "CERT/CC", "id": "VU#383432" }, { "date": "2021-07-07T00:00:00", "db": "CNVD", "id": "CNVD-2021-48427" }, { "date": "2023-08-08T00:00:00", "db": "VULMON", "id": "CVE-2021-1675" }, { "date": "2021-07-05T08:20:00", "db": "JVNDB", "id": "JVNDB-2021-001920" }, { "date": "2023-08-08T14:22:24.967000", "db": "NVD", "id": "CVE-2021-1675" }, { "date": "2022-05-26T00:00:00", "db": "CNNVD", "id": "CNNVD-202106-513" }, { "date": "2021-04-14T00:00:00", "db": "CNNVD", "id": "CNNVD-202104-975" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202106-513" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Microsoft Windows Print Spooler allows for RCE via AddPrinterDriverEx()", "sources": [ { "db": "CERT/CC", "id": "VU#383432" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "permissions and access control issues", "sources": [ { "db": "CNNVD", "id": "CNNVD-202106-513" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.