⚠ Actively exploited
Added to CISA KEV on 2022-02-10. Federal agencies required to patch by 2022-02-24. Required action: Apply updates per vendor instructions.
CVE-2021-36934
Severity: 7.8 HIGH
EPSS: 90.2% (top 0.41%)
CISA KEV: Added 2022-02-10, Due 2022-02-24
Exploit: Exploited in wild (Active exploitation observed)
Affected products
Timeline
Published: Jul 22
KEV added: Feb 10
KEV due: Feb 24
Description
An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
An attacker must have the ability to execute code on a victim system to exploit this vulne…
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9
Affected Packages: 10 packages
Patches
🔴Vulnerability Details
2💥Exploits & PoCs
1Nuclei▶
MOVEit Transfer - SQL Injection