Attacker Value

High

(1 user assessed)

Exploitability

Unknown

(1 user assessed)

User Interaction

Unknown

Privileges Required

Unknown

Attack Vector

Unknown

CVE-2021-26899

Disclosure Date: March 11, 2021 •

CVE-2021-26899

Exploited in the Wild

Reported by Toffee2apple
View Source Details

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Windows UPnP Device Host Elevation of Privilege Vulnerability

Add Assessment

Toffee2apple (2)

December 11, 2023 5:36am UTC (1 year ago)

Ratings

Attacker Value

High

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

None

Impact Score:

Unknown

Exploitability Score:

Unknown

Vector:

Unknown

Attack Vector (AV):

Unknown

Attack Complexity (AC):

Unknown

Privileges Required (PR):

Unknown

User Interaction (UI):

Unknown

Scope (S):

Unknown

Confidentiality (C):

Unknown

Integrity (I):

Unknown

Availability (A):

Unknown

General Information

Offensive Application

Unknown

Utility Class

Unknown

Ports

Unknown

Vulnerable Versions

Windows 10 Version 1803 publication

Windows 10 Version 1809 publication

Windows Server 2019 publication

Windows Server 2019 (Server Core installation) publication

Windows 10 Version 1909 publication

Windows Server, version 1909 (Server Core installation) publication

Windows 10 Version 2004 publication

Windows Server version 2004 publication

Windows 10 Version 20H2 publication

Windows Server version 20H2 publication

Windows 10 Version 1507 publication

Windows 10 Version 1607 publication

Windows Server 2016 publication

Windows Server 2016 (Server Core installation) publication

Windows 7 publication

Windows 7 Service Pack 1 publication

Windows 8.1 publication

Windows Server 2008 Service Pack 2 publication

Windows Server 2008 Service Pack 2 (Server Core installation) publication

Windows Server 2008 Service Pack 2 publication

Windows Server 2008 R2 Service Pack 1 publication

Windows Server 2008 R2 Service Pack 1 (Server Core installation) publication

Windows Server 2012 publication

Windows Server 2012 (Server Core installation) publication

Windows Server 2012 R2 publication

Windows Server 2012 R2 (Server Core installation) publication

Prerequisites

Unknown

Discovered By

Unknown

PoC Author

Unknown

Metasploit Module

Unknown

Reporter

Unknown

Vendors

microsoft

Products

windows 10 -,
windows 10 1607,
windows 10 1809,
windows 10 1909,
windows 10 2004,
windows 10 20h2,
windows 7 -,
windows 8.1 -,
windows rt 8.1 -,
windows server 2008 r2,
windows server 2008 sp2,
windows server 2012 -,
windows server 2012 r2,
windows server 2016 -,
windows server 2016 1909,
windows server 2016 2004,
windows server 2016 20h2,
windows server 2019 -

Exploited in the Wild

Reported by:

Toffee2apple indicated sources as

Vendor Advisory
Threat Feed

Reported: December 11, 2023 5:36am UTC (1 year ago)

References

Canonical

CVE-2021-26899 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26899)

Miscellaneous

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26899

Rapid7

High

CVE-2021-26899

High

Unknown

Unknown

Unknown

Unknown

CVE-2021-26899

Description

Add Assessment

Ratings

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Exploited in the Wild

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

High

CVE-2021-26899

High

Unknown

Unknown

Unknown

Unknown

CVE-2021-26899

Description

Add Assessment

Ratings

CVSS V3 Severity and Metrics

General Information

Vendors

Products

Exploited in the Wild

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification