Details of VAR-202106-1493

ID

VAR-202106-1493

CVE

CVE-2021-31199

TITLE

plural Microsoft Windows Elevated authority vulnerabilities in products

Trust: 0.8

sources: JVNDB: JVNDB-2021-001948

DESCRIPTION

Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability. This vulnerability is CVE-2021-31201 Is a different vulnerability.You may be elevated. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Microsoft Cryptographic是美国微软（Microsoft）公司的一个加密服务. Windows Cryptographic Services存在安全漏洞。以下产品和版本受到影响：Windows 10 Version 1809 for 32-bit Systems,Windows 10 Version 1809 for x64-based Systems,Windows 10 Version 1809 for ARM64-based Systems,Windows Server 2019,Windows Server 2019 (Server Core installation),Windows 10 Version 1909 for 32-bit Systems,Windows 10 Version 1909 for x64-based Systems,Windows 10 Version 1909 for ARM64-based Systems,Windows 10 Version 21H1 for x64-based Systems,Windows 10 Version 21H1 for ARM64-based Systems,Windows 10 Version 21H1 for 32-bit Systems,Windows 10 Version 2004 for 32-bit Systems,Windows 10 Version 2004 for ARM64-based Systems,Windows 10 Version 2004 for x64-based Systems,Windows Server, version 2004 (Server Core installation),Windows 10 Version 20H2 for x64-based Systems,Windows 10 Version 20H2 for 32-bit Systems,Windows Server 2016 (Server Core installation),Windows 7 for 32-bit Systems Service Pack 1,Windows 7 for x64-based Systems Service Pack 1,Windows 8.1 for 32-bit systems,Windows 8.1 for x64-based systems,Windows RT 8.1,Windows 10 Version 20H2 for ARM64-based Systems,Windows Server, version 20H2 (Server Core Installation),Windows Server 2008 for 32-bit Systems Service Pack 2,Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation),Windows Server 2008 for x64-based Systems Service Pack 2,Windows 10 for 32-bit Systems,Windows 10 for x64-based Systems,Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation),Windows Server 2012 (Server Core installation),Windows Server 2012 R2,Windows Server 2012 R2 (Server Core installation),Windows 10 Version 1607 for 32-bit Systems,Windows 10 Version 1607 for x64-based Systems,Windows Server 2016,Windows Server 2008 R2 for x64-based Systems Service Pack 1,Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation),Windows Server 2012,

Trust: 2.79

sources: NVD: CVE-2021-31199 // JVNDB: JVNDB-2021-001948 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-540 // VULMON: CVE-2021-31199

AFFECTED PRODUCTS

vendor:	microsoft	model:	windows 10 21h1	scope:	lt	version:	10.0.19043.1052	Trust: 1.0
vendor:	microsoft	model:	windows 10 1909	scope:	lt	version:	10.0.18363.1621	Trust: 1.0
vendor:	microsoft	model:	windows 10 2004	scope:	lt	version:	10.0.19041.1052	Trust: 1.0
vendor:	microsoft	model:	windows 7	scope:	eq	version:	-	Trust: 1.0
vendor:	microsoft	model:	windows server 2016	scope:	lt	version:	10.0.14393.4467	Trust: 1.0
vendor:	microsoft	model:	windows server 2008	scope:	eq	version:	r2	Trust: 1.0
vendor:	microsoft	model:	windows server 2012	scope:	eq	version:	r2	Trust: 1.0
vendor:	microsoft	model:	windows 10 1809	scope:	lt	version:	10.0.17763.1999	Trust: 1.0
vendor:	microsoft	model:	windows server 20h2	scope:	lt	version:	10.0.19042.1052	Trust: 1.0
vendor:	microsoft	model:	windows 10 1507	scope:	lt	version:	10.0.10240.18967	Trust: 1.0
vendor:	microsoft	model:	windows server 2004	scope:	lt	version:	10.0.19041.1052	Trust: 1.0
vendor:	microsoft	model:	windows rt 8.1	scope:	eq	version:	-	Trust: 1.0
vendor:	microsoft	model:	windows 10 20h2	scope:	lt	version:	10.0.19042.1052	Trust: 1.0
vendor:	microsoft	model:	windows server 2008	scope:	eq	version:	-	Trust: 1.0
vendor:	microsoft	model:	windows server 2012	scope:	eq	version:	-	Trust: 1.0
vendor:	microsoft	model:	windows server 2019	scope:	lt	version:	10.0.17763.1999	Trust: 1.0
vendor:	microsoft	model:	windows 10 1607	scope:	lt	version:	10.0.14393.4467	Trust: 1.0
vendor:	microsoft	model:	windows 8.1	scope:	eq	version:	-	Trust: 1.0
vendor:	マイクロソフト	model:	microsoft windows rt 8.1	scope:	-	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2012 r2	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	20h2 (server core installation)	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2019	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2019 (server core installation)	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows 7	scope:	-	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server 2008	scope:	-	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server 2016	scope:	-	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server 2019	scope:	eq	version:	(server core installation)	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server 2012	scope:	-	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2008 r2 for x64-based systems sp1	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2008 for x64-based systems sp2	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2008 r2 for x64-based systems sp1 (server core installation)	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows 8.1	scope:	-	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2016	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows 10	scope:	-	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2008 for 32-bit systems sp2 (server core installation)	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server 2019	scope:	eq	version:	-	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2012 (server core installation)	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2004 (server core installation)	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2008 for x64-based systems sp2 (server core installation)	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2016 (server core installation)	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2012 r2 (server core installation)	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2012	Trust: 0.8
vendor:	マイクロソフト	model:	microsoft windows server	scope:	eq	version:	2008 for 32-bit systems sp2	Trust: 0.8

sources: JVNDB: JVNDB-2021-001948 // NVD: CVE-2021-31199

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2021-31199
value:	HIGH
Trust: 1.8
secure@microsoft.com:	CVE-2021-31199
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202106-540
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-31199
value:	MEDIUM
Trust: 0.1

NVD:
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	FALSE
version:	2.0
Trust: 1.0
NVD:	CVE-2021-31199
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.9

NVD:
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
secure@microsoft.com:
baseSeverity:	MEDIUM
baseScore:	5.2
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.0
impactScore:	2.7
version:	3.1
Trust: 1.0
NVD:	CVE-2021-31199
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULMON: CVE-2021-31199 // JVNDB: JVNDB-2021-001948 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-540 // NVD: CVE-2021-31199 // NVD: CVE-2021-31199

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Improper authority management (CWE-269) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-001948 // NVD: CVE-2021-31199

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-540

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

CONFIGURATIONS

sources: NVD: CVE-2021-31199

PATCH

title:	Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability Security Update Guide	url:	https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-31199	Trust: 0.8
title:	Windows Cryptographic Services Fixes for permissions and access control issues vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=154276	Trust: 0.6
title:	Known Exploited Vulnerabilities Detector	url:	https://github.com/ostorlab/kev	Trust: 0.1

sources: VULMON: CVE-2021-31199 // JVNDB: JVNDB-2021-001948 // CNNVD: CNNVD-202106-540

EXTERNAL IDS

db:	NVD	id:	CVE-2021-31199	Trust: 2.5
db:	JVNDB	id:	JVNDB-2021-001948	Trust: 0.8
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021060830	Trust: 0.6
db:	CNNVD	id:	CNNVD-202106-540	Trust: 0.6
db:	VULMON	id:	CVE-2021-31199	Trust: 0.1

sources: VULMON: CVE-2021-31199 // JVNDB: JVNDB-2021-001948 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-540 // NVD: CVE-2021-31199

REFERENCES

url:	https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2021-31199	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-31199	Trust: 0.8
url:	https://www.ipa.go.jp/security/ciadr/vul/20210609-ms.html	Trust: 0.8
url:	https://www.jpcert.or.jp/at/2021/at210027.html	Trust: 0.8
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://msrc.microsoft.com/update-guide/vulnerability/cve-2021-31199	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021060830	Trust: 0.6
url:	https://vigilance.fr/vulnerability/windows-vulnerabilities-of-june-2021-35662	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://github.com/ostorlab/kev	Trust: 0.1

sources: VULMON: CVE-2021-31199 // JVNDB: JVNDB-2021-001948 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202106-540 // NVD: CVE-2021-31199

SOURCES

db:	VULMON	id:	CVE-2021-31199
db:	JVNDB	id:	JVNDB-2021-001948
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202106-540
db:	NVD	id:	CVE-2021-31199

LAST UPDATE DATE

2024-07-30T19:25:31.830000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-31199	date:	2023-08-01T00:00:00
db:	JVNDB	id:	JVNDB-2021-001948	date:	2021-07-05T09:13:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202106-540	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2021-31199	date:	2024-07-29T18:06:29.307

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-31199	date:	2021-06-08T00:00:00
db:	JVNDB	id:	JVNDB-2021-001948	date:	2021-07-05T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202106-540	date:	2021-06-08T00:00:00
db:	NVD	id:	CVE-2021-31199	date:	2021-06-08T23:15:08.360