Attacker Value
High
(1 user assessed)
Exploitability
Very High
(1 user assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Local
1

CVE-2021-34481

Disclosure Date: July 16, 2021
CVE-2021-34481 CVSS v3 Base Score: 7.8
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Privilege Escalation
Techniques
Validation
Validated
Validated
Validated

Add Assessment

4
Ratings
  • Attacker Value
    High
  • Exploitability
    Very High
Common in enterpriseEasy to weaponizeGives privileged accessVulnerable in default configurationAuthenticated
Technical Analysis

CVE-2021-34481 was the result of two features intended to make the standard (non-administrative) Windows user’s life easier:

  1. Adding a remote printer did not require administrative access. Just point your computer at the remote printer and print.
  2. Adding a printer whose drivers were in the driver store did not require administrative access.

These two mechanisms combined allowed a low privileged Windows user to add arbitrary signed drivers to the driver store and then install them at will. A low privileged user could install a vulnerable print driver and exploit it to achieve SYSTEM privileges. In the DEF CON 29 talk Bring Your Own Vulnerable Print Driver, the example vulnerable drivers were Lexmark Universal Print Driver (CVE-2021-35449) , Canon TR150 Print Driver (CVE-2021-38085), and Ricoh PCL6 Print Driver (CVE-2019-19363).

Microsoft patched this issue by, essentially, removing the ability for a low privileged user to easily install a remote printer.

An exploit with some additional details was posted on GitHub.

Log in to Add Reply
CVSS V3 Severity and Metrics
Base Score:
7.8 High
Impact Score:
5.9
Exploitability Score:
1.8
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
Windows Versions Under Investigation
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • microsoft

Products

  • windows 10 -,
  • windows 10 1607,
  • windows 10 1809,
  • windows 10 1909,
  • windows 10 2004,
  • windows 10 20h2,
  • windows 10 21h1,
  • windows 7 -,
  • windows 8.1 -,
  • windows rt 8.1 -,
  • windows server 2008 -,
  • windows server 2008 r2,
  • windows server 2012 -,
  • windows server 2016 -,
  • windows server 2016 2004,
  • windows server 2019 -

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis