ID

VAR-202106-0639


CVE

CVE-2021-1675


TITLE

Microsoft Windows Print Spooler allows for RCE via AddPrinterDriverEx()

Trust: 0.8

sources: CERT/CC: VU#383432

DESCRIPTION

Windows Print Spooler Remote Code Execution Vulnerability. The Microsoft Windows Print Spooler service fails to restrict access to functionality that allows users to add printers and related drivers, which can allow a remote authenticated attacker to execute arbitrary code with SYSTEM privileges on a vulnerable system.CVE-2021-1675 Affected CVE-2021-34527 AffectedCVE-2021-1675 Affected CVE-2021-34527 Affected. Attackers can use this vulnerability to elevate permissions. Microsoft Windows是美国微软(Microsoft)公司的一套个人设备使用的操作系统. Windows Print Spooler Components存在安全漏洞。以下产品和版本受到影响:Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows 10 Version 1909 for 32-bit Systems,Windows 10 Version 1909 for x64-based Systems,Windows Server, version 20H2 (Server Core Installation),Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2016 (Server Core installation),Windows 10 Version 2004 for 32-bit Systems,Windows 10 Version 2004 for ARM64-based Systems,Windows 10 Version 2004 for x64-based Systems,Windows 7 for 32-bit Systems Service Pack 1,Windows 7 for x64-based Systems Service Pack 1,Windows 8.1 for 32-bit systems,Windows 8.1 for x64-based systems,Windows 10 Version 21H1 for x64-based Systems,Windows 10 Version 21H1 for ARM64-based Systems,Windows Server, version 2004 (Server Core installation),Windows 10 Version 20H2 for x64-based Systems,Windows 10 Version 21H1 for 32-bit Systems,Windows 10 Version 20H2 for 32-bit Systems,Windows 10 Version 20H2 for ARM64-based Systems,Windows 10 Version 1909 for ARM64-based Systems,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation),Windows RT 8.1,Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2008 R2 for x64-based Systems Service Pack 1,. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 4.05

sources: NVD: CVE-2021-1675 // CERT/CC: VU#383432 // JVNDB: JVNDB-2021-001920 // CNVD: CNVD-2021-48427 // CNNVD: CNNVD-202106-513 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-1675

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-48427

AFFECTED PRODUCTS

vendor:microsoftmodel:windows 10 1909scope:ltversion:10.0.18363.1621

Trust: 1.0

vendor:microsoftmodel:windows 10 20h2scope:ltversion:10.0.19042.1052

Trust: 1.0

vendor:microsoftmodel:windows 10 21h1scope:ltversion:10.0.19043.1052

Trust: 1.0

vendor:microsoftmodel:windows 10 1809scope:ltversion:10.0.17763.1999

Trust: 1.0

vendor:microsoftmodel:windows 8.1scope:eqversion: -

Trust: 1.0

vendor:microsoftmodel:windows 10 2004scope:ltversion:10.0.19041.1052

Trust: 1.0

vendor:microsoftmodel:windows server 2004scope:ltversion:10.0.19041.1052

Trust: 1.0

vendor:microsoftmodel:windows server 2016scope:ltversion:10.0.14393.4467

Trust: 1.0

vendor:microsoftmodel:windows server 2012scope:eqversion: -

Trust: 1.0

vendor:microsoftmodel:windows server 2012scope:eqversion:r2

Trust: 1.0

vendor:microsoftmodel:windows 10 1607scope:ltversion:10.0.14393.4467

Trust: 1.0

vendor:microsoftmodel:windows 10 1507scope:ltversion:10.0.10240.18967

Trust: 1.0

vendor:microsoftmodel:windows server 2008scope:eqversion: -

Trust: 1.0

vendor:microsoftmodel:windows rt 8.1scope:eqversion: -

Trust: 1.0

vendor:microsoftmodel:windows server 2019scope:ltversion:10.0.17763.1999

Trust: 1.0

vendor:microsoftmodel:windows 7scope:eqversion: -

Trust: 1.0

vendor:microsoftmodel:windows server 2008scope:eqversion:r2

Trust: 1.0

vendor:マイクロソフトmodel:microsoft windows rt 8.1scope: - version: -

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2012 r2

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:20h2 (server core installation)

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2019

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2019 (server core installation)

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows 7scope: - version: -

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows server 2008scope: - version: -

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows server 2016scope: - version: -

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows server 2019scope:eqversion:(server core installation)

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows server 2012scope: - version: -

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2008 r2 for x64-based systems sp1

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2008 for x64-based systems sp2

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2008 r2 for x64-based systems sp1 (server core installation)

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows 8.1scope: - version: -

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2016

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows 10scope: - version: -

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2008 for 32-bit systems sp2 (server core installation)

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows server 2019scope:eqversion: -

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2012 (server core installation)

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2004 (server core installation)

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2008 for x64-based systems sp2 (server core installation)

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2016 (server core installation)

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2012 r2 (server core installation)

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2012

Trust: 0.8

vendor:マイクロソフトmodel:microsoft windows serverscope:eqversion:2008 for 32-bit systems sp2

Trust: 0.8

vendor:microsoftmodel:windows rtscope:eqversion:8.1

Trust: 0.6

vendor:microsoftmodel:windows serverscope:eqversion:2012

Trust: 0.6

vendor:microsoftmodel:windows serverscope:eqversion:2016

Trust: 0.6

vendor:microsoftmodel:windows server r2scope:eqversion:2012

Trust: 0.6

vendor:microsoftmodel:windows for x64-based systems sp1scope:eqversion:7

Trust: 0.6

vendor:microsoftmodel:windows for 32-bit systems sp1scope:eqversion:7

Trust: 0.6

vendor:microsoftmodel:windows for 32-bit systemsscope:eqversion:10

Trust: 0.6

vendor:microsoftmodel:windows serverscope:eqversion:2019

Trust: 0.6

vendor:microsoftmodel:windows server 20h2 (server core instascope: - version: -

Trust: 0.6

vendor:microsoftmodel:windows server (server core instascope:eqversion:2004

Trust: 0.6

vendor:microsoftmodel:windows server r2 (server core inscope:eqversion:2012

Trust: 0.6

vendor:microsoftmodel:windows server (server core instascope:eqversion:2012

Trust: 0.6

vendor:microsoftmodel:windows server (server core instascope:eqversion:2016

Trust: 0.6

vendor:microsoftmodel:windows server (server core instascope:eqversion:2019

Trust: 0.6

vendor:microsoftmodel:windows 21h1 for x64-based systemsscope:eqversion:10

Trust: 0.6

vendor:microsoftmodel:windows for x64-based systemsscope:eqversion:101607

Trust: 0.6

vendor:microsoftmodel:windows for x64-based systemsscope:eqversion:101909

Trust: 0.6

vendor:microsoftmodel:windows for x64-based systemsscope:eqversion:10

Trust: 0.6

vendor:microsoftmodel:windows 20h2 for x64-based systemsscope:eqversion:10

Trust: 0.6

vendor:microsoftmodel:windows for x64-based systemsscope:eqversion:102004

Trust: 0.6

vendor:microsoftmodel:windows for 32-bit systemsscope:eqversion:102004

Trust: 0.6

vendor:microsoftmodel:windows 21h1 for 32-bit systemsscope:eqversion:10

Trust: 0.6

vendor:microsoftmodel:windows 20h2 for 32-bit systemsscope:eqversion:10

Trust: 0.6

vendor:microsoftmodel:windows for x64-based systemsscope:eqversion:8.1

Trust: 0.6

vendor:microsoftmodel:windows 20h2 for arm64-based systemsscope:eqversion:10

Trust: 0.6

vendor:microsoftmodel:windows for 32-bit systemsscope:eqversion:101909

Trust: 0.6

vendor:microsoftmodel:windows for 32-bit systemsscope:eqversion:101607

Trust: 0.6

vendor:microsoftmodel:windows server for x64-based systscope:eqversion:2008

Trust: 0.6

vendor:microsoftmodel:windows for arm64-based systemsscope:eqversion:101909

Trust: 0.6

vendor:microsoftmodel:windows for 32-bit systemsscope:eqversion:8.1

Trust: 0.6

vendor:microsoftmodel:windows server r2 for x64-based sscope:eqversion:2008

Trust: 0.6

vendor:microsoftmodel:windows server for 32-bit systemsscope:eqversion:2008

Trust: 0.6

vendor:microsoftmodel:windows 21h1 for arm64-based systemsscope:eqversion:10

Trust: 0.6

vendor:microsoftmodel:windows for arm64-based systemsscope:eqversion:102004

Trust: 0.6

sources: CNVD: CNVD-2021-48427 // JVNDB: JVNDB-2021-001920 // NVD: CVE-2021-1675

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1675
value: HIGH

Trust: 1.0

secure@microsoft.com: CVE-2021-1675
value: HIGH

Trust: 1.0

NVD: CVE-2021-1675
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-48427
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202106-513
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

VULMON: CVE-2021-1675
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-1675
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: CVE-2021-1675
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2021-48427
severity: HIGH
baseScore: 9.7
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 9.5
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-1675
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 2.0

NVD: CVE-2021-1675
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-48427 // VULMON: CVE-2021-1675 // JVNDB: JVNDB-2021-001920 // CNNVD: CNNVD-202106-513 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-1675 // NVD: CVE-2021-1675

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:Improper authority management (CWE-269) [NVD Evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-001920 // NVD: CVE-2021-1675

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-513

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-202106-513

PATCH

title:Windows Print Spooler Remote Code Execution Vulnerability Security Update Guideurl:https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1675

Trust: 0.8

title:Patch for Microsoft Windows Print Spooler Privilege Escalation Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/277191

Trust: 0.6

title:Windows Print Spooler Components Fixes for permissions and access control issues vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154263

Trust: 0.6

title:Print-Nightmare-LPEurl:https://github.com/gyaansastra/Print-Nightmare-LPE

Trust: 0.1

title:CVE-2021-1675-PrintNightmareurl:https://github.com/killtr0/CVE-2021-1675-PrintNightmare

Trust: 0.1

title: - url:https://github.com/nathanealm/PrintNightmare-Exploit

Trust: 0.1

title:docker-printernightmareurl:https://github.com/real-acmkan/docker-printernightmare

Trust: 0.1

title:calebstewart-CVE-2021-1675url:https://github.com/mtthwstffrd/calebstewart-CVE-2021-1675

Trust: 0.1

title:Microsoft-CVE-2021-1675url:https://github.com/thalpius/Microsoft-CVE-2021-1675

Trust: 0.1

title:CVE-2021-1675url:https://github.com/thomasgeens/CVE-2021-1675

Trust: 0.1

title:fghdgfurl:https://github.com/testtesttest55555/fghdgf

Trust: 0.1

title:OSCPurl:https://github.com/ciwen3/OSCP

Trust: 0.1

title:CVE-2021-1675-LPEurl:https://github.com/hlldz/CVE-2021-1675-LPE

Trust: 0.1

title:CVE-2021-1675-Mitigation-For-Systems-That-Need-Spoolerurl:https://github.com/gohrenberg/CVE-2021-1675-Mitigation-For-Systems-That-Need-Spooler

Trust: 0.1

title:SharpPNurl:https://github.com/Wra7h/SharpPN_CVE-2021-1675

Trust: 0.1

title:FullstackAcademy-Printernightmare-writeup-2105-E.C.A.R.url:https://github.com/Sirius-RJ/FullstackAcademy-Printernightmare-writeup-2105-E.C.A.R.

Trust: 0.1

title:CVE-2021-1675url:https://github.com/LaresLLC/CVE-2021-1675

Trust: 0.1

title:SharpPNurl:https://github.com/Wra7h/SharpPN

Trust: 0.1

title:CVE-2021-1675url:https://github.com/Winter3un/CVE-2021-1675

Trust: 0.1

sources: CNVD: CNVD-2021-48427 // VULMON: CVE-2021-1675 // JVNDB: JVNDB-2021-001920 // CNNVD: CNNVD-202106-513

EXTERNAL IDS

db:NVDid:CVE-2021-1675

Trust: 3.9

db:CERT/CCid:VU#383432

Trust: 3.2

db:PACKETSTORMid:167261

Trust: 1.6

db:PACKETSTORMid:163349

Trust: 1.6

db:PACKETSTORMid:163351

Trust: 1.6

db:JVNDBid:JVNDB-2021-001920

Trust: 0.8

db:CNVDid:CNVD-2021-48427

Trust: 0.6

db:CS-HELPid:SB2021060813

Trust: 0.6

db:CXSECURITYid:WLB-2022050084

Trust: 0.6

db:CNNVDid:CNNVD-202106-513

Trust: 0.6

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:VULMONid:CVE-2021-1675

Trust: 0.1

sources: CERT/CC: VU#383432 // CNVD: CNVD-2021-48427 // VULMON: CVE-2021-1675 // JVNDB: JVNDB-2021-001920 // CNNVD: CNNVD-202106-513 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-1675

REFERENCES

url:https://www.kb.cert.org/vuls/id/383432

Trust: 2.4

url:http://packetstormsecurity.com/files/163349/microsoft-printnightmare-proof-of-concept.html

Trust: 2.2

url:http://packetstormsecurity.com/files/167261/print-spooler-remote-dll-injection.html

Trust: 2.2

url:https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-1675

Trust: 1.6

url:http://packetstormsecurity.com/files/163351/printnightmare-windows-spooler-service-remote-code-execution.html

Trust: 1.6

url:cve-2021-1675

Trust: 0.8

url:cve-2021-34527

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-1675

Trust: 0.8

url:https://www.ipa.go.jp/security/ciadr/vul/20210609-ms.html

Trust: 0.8

url:https://www.jpcert.or.jp/at/2021/at210027.html

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021060813

Trust: 0.6

url:https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-1675

Trust: 0.6

url:https://cxsecurity.com/issue/wlb-2022050084

Trust: 0.6

url:https://vigilance.fr/vulnerability/windows-privilege-escalation-via-print-spooler-rpcaddprinterdriverex-35806

Trust: 0.6

url:https://vigilance.fr/vulnerability/windows-vulnerabilities-of-june-2021-35662

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

sources: CERT/CC: VU#383432 // JVNDB: JVNDB-2021-001920 // CNNVD: CNNVD-202106-513 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-1675

CREDITS

This document was written by Will Dormann.We have not received a statement from the vendor.

Trust: 0.8

sources: CERT/CC: VU#383432

SOURCES

db:CERT/CCid:VU#383432
db:CNVDid:CNVD-2021-48427
db:VULMONid:CVE-2021-1675
db:JVNDBid:JVNDB-2021-001920
db:CNNVDid:CNNVD-202106-513
db:CNNVDid:CNNVD-202104-975
db:NVDid:CVE-2021-1675

LAST UPDATE DATE

2024-08-14T12:20:30.393000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#383432date:2021-08-03T00:00:00
db:CNVDid:CNVD-2021-48427date:2021-07-07T00:00:00
db:VULMONid:CVE-2021-1675date:2023-08-08T00:00:00
db:JVNDBid:JVNDB-2021-001920date:2021-07-05T08:20:00
db:CNNVDid:CNNVD-202106-513date:2022-05-26T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:NVDid:CVE-2021-1675date:2024-07-29T17:57:23.260

SOURCES RELEASE DATE

db:CERT/CCid:VU#383432date:2021-06-30T00:00:00
db:CNVDid:CNVD-2021-48427date:2021-07-07T00:00:00
db:VULMONid:CVE-2021-1675date:2021-06-08T00:00:00
db:JVNDBid:JVNDB-2021-001920date:2021-07-05T00:00:00
db:CNNVDid:CNNVD-202106-513date:2021-06-08T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:NVDid:CVE-2021-1675date:2021-06-08T23:15:08.267