CVE-2021-1652 — Improper Privilege Management in Microsoft Windows 10 Version 1507

CWE-269 — Improper Privilege Management CWE-369 — Divide By Zero5 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.3%

top 49.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 10 Version 1507 Microsoft Windows 10 Version 1607 Microsoft Windows 10 Version 1803 +17 more

Timeline

PublishedJan 12

Latest updateMay 24

Description

Windows CSC Service Elevation of Privilege Vulnerability

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages20 packages

▶CVEListV5microsoft/windows_7_service_pack_16.1.0 — publication

▶CVEListV5microsoft/windows_server_2008_service_pack_26.0.0 — publication

▶CVEListV5microsoft/windows_server_2008_r2_service_pack_16.1.0 — publication+1

▶CVEListV5microsoft/windows_76.1.0 — publication

▶CVEListV5microsoft/windows_8.16.3.0 — publication

🔴Vulnerability Details

GHSA

GHSA-xwjc-4jxh-j5p8: Windows CSC Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1653, CVE-2021-1654, CVE-2021-1655, CVE-2021-1659, CVE-20↗2022-05-24

▶

GHSA

Integer division by 0 in `tf.raw_ops.AllToAll`↗2021-11-10

▶

CVEList

Windows CSC Service Elevation of Privilege Vulnerability↗2021-01-12

▶

📋Vendor Advisories

Microsoft

Windows CSC Service Elevation of Privilege Vulnerability↗2021-01-12

▶