cbcvebase.
CVE-2021-31166
published 2021-05-11

CVE-2021-31166: HTTP Protocol Stack Remote Code Execution Vulnerability

critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
KEVITWEXPLOIT
CISA Known Exploited Vulnerabilitydue 2022-04-27
Exploited in the wild
HTTP Protocol Stack Remote Code Execution Vulnerability

Affected

15 ranges
VendorProductVersion rangeFixed in
microsoftwindows_10_2004< 10.0.19041.98210.0.19041.982
microsoftwindows_10_20h2< 10.0.19042.98210.0.19042.982
microsoftwindows_10_version_2004>= 10.0.0 < 10.0.19041.98210.0.19041.982
microsoftwindows_10_version_20h2>= 10.0.0 < 10.0.19042.98210.0.19042.982
microsoftwindows_server_2004< 10.0.19041.98210.0.19041.982
microsoftwindows_server_20h2< 10.0.19042.98210.0.19042.982
microsoftwindows_server_version_2004>= 10.0.0 < 10.0.19041.98210.0.19041.982
microsoftwindows_server_version_20h2>= 10.0.0 < 10.0.19042.98210.0.19042.982
msrcwindows_10_version_2004_for_32-bit_systems
msrcwindows_10_version_2004_for_arm64-based_systems
msrcwindows_10_version_2004_for_x64-based_systems
msrcwindows_10_version_20h2_for_32-bit_systems
msrcwindows_10_version_20h2_for_arm64-based_systems
msrcwindows_server_version_2004
msrcwindows_server_version_20h2

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck9.8CRITICAL
cisa9.8CRITICAL