CVE-2021-43238

HIGH7.8JSON export Create alert

Description

Windows Remote Access Elevation of Privilege Vulnerability

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Unchanged

Changed

Affected products

Microsoft / windows_10_150710.0.10240.19145 – 10.0.10240.19145
Microsoft / windows_10_150710.0.10240.19145 – 10.0.10240.19145
Microsoft / windows_10_160710.0.14393.4825 – 10.0.14393.4825
Microsoft / windows_10_160710.0.14393.4825 – 10.0.14393.4825
Microsoft / windows_10_180910.0.17763.2366 – 10.0.17763.2366
Microsoft / windows_10_180910.0.17763.2366 – 10.0.17763.2366
Microsoft / windows_10_180910.0.17763.2366 – 10.0.17763.2366
Microsoft / windows_10_180910.0.18363.1977 – 10.0.18363.1977
Microsoft / windows_10_180910.0.19041.1415 – 10.0.19041.1415
Microsoft / windows_10_190910.0.18363.1977 – 10.0.18363.1977
Microsoft / windows_10_190910.0.18363.1977 – 10.0.18363.1977
Microsoft / windows_10_20H210.0.19042.1415 – 10.0.19042.1415
Microsoft / windows_10_20H210.0.19042.1415 – 10.0.19042.1415
Microsoft / windows_10_21H110.0.19043.1415 – 10.0.19043.1415
Microsoft / windows_10_21H110.0.19043.1415 – 10.0.19043.1415
Microsoft / windows_10_21H110.0.19043.1415 – 10.0.19043.1415
Microsoft / windows_10_21H210.0.19044.1415 – 10.0.19044.1415
Microsoft / windows_10_21H210.0.19044.1415 – 10.0.19044.1415
Microsoft / windows_10_21H210.0.19044.1415 – 10.0.19044.1415
Microsoft / windows_11_21H210.0.22000.376 – 10.0.22000.376
Microsoft / windows_11_21H210.0.22000.376 – 10.0.22000.376
Microsoft / Windows 76.1.7601.25796 – 6.1.7601.25796
Microsoft / Windows 76.1.7601.25796 – 6.1.7601.25796
Microsoft / Windows 8.16.3.9600.20207 – 6.3.9600.20207
Microsoft / Windows 8.16.3.9600.20207 – 6.3.9600.20207
Microsoft / windows_rt_8.16.3.9600.20207 – 6.3.9600.20207
Microsoft / windows_server_200410.0.19041.1415 – 10.0.19041.1415
Microsoft / windows_server_2008_R26.1.7601.25796 – 6.1.7601.25796
Microsoft / windows_server_2008_sp26.0.6003.21309 – 6.0.6003.21309
Microsoft / windows_server_2008_sp26.0.6003.21309 – 6.0.6003.21309
Microsoft / Windows Server 20126.2.9200.23540 – 6.2.9200.23540
Microsoft / Windows Server 20126.2.9200.23545 – 6.2.9200.23545
Microsoft / Windows Server 2012 R26.3.9600.20207 – 6.3.9600.20207
Microsoft / Windows Server 201610.0.14393.4825 – 10.0.14393.4825
Microsoft / Windows Server 201910.0.17763.2366 – 10.0.17763.2366
Microsoft / Windows Server 202210.0.20348.405 – 10.0.20348.405
Microsoft / windows_server_20H210.0.19042.1415 – 10.0.19042.1415

References

VENDOR_ADVISORYhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43238
VENDOR_ADVISORYhttps://www.zerodayinitiative.com/advisories/ZDI-22-019/