CVE-2021-41366
Published 2021-11-10
CVE-2021-41366: Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability
High, 7.8 (CVSS 3.1)
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected
40 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10 | — | — |
| microsoft | windows_10_version_1507 | >= 10.0.0 < 10.0.10240.19119 | 10.0.10240.19119 |
| microsoft | windows_10_version_1607 | >= 10.0.0 < 10.0.14393.4770 | 10.0.14393.4770 |
| microsoft | windows_10_version_1809 | >= 10.0.0 < 10.0.17763.2300 | 10.0.17763.2300 |
| microsoft | windows_10_version_1909 | >= 10.0.0 < 10.0.18363.1916 | 10.0.18363.1916 |
| microsoft | windows_10_version_2004 | >= 10.0.0 < 10.0.19041.1348 | 10.0.19041.1348 |
| microsoft | windows_10_version_20h2 | >= 10.0.0 < 10.0.19042.1348 | 10.0.19042.1348 |
| microsoft | windows_10_version_21h1 | >= 10.0.0 < 10.0.19043.1348 | 10.0.19043.1348 |
| microsoft | windows_11_version_21h2 | >= 10.0.0 < 10.0.22000.318 | 10.0.22000.318 |
| microsoft | windows_8.1 | >= 6.3.0 < 6.3.9600.20174 | 6.3.9600.20174 |
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012 | >= 6.2.0 < 6.2.9200.23517 | 6.2.9200.23517 |
| microsoft | windows_server_2012_r2 | >= 6.3.0 < 6.3.9600.20174 | 6.3.9600.20174 |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | >= 10.0.0 < 10.0.14393.4770 | 10.0.14393.4770 |
| microsoft | windows_server_2019 | >= 10.0.0 < 10.0.17763.2300 | 10.0.17763.2300 |
| microsoft | windows_server_2022 | >= 10.0.0 < 10.0.20348.350 | 10.0.20348.350 |
| microsoft | windows_server_version_2004 | >= 10.0.0 < 10.0.19041.1348 | 10.0.19041.1348 |
| microsoft | windows_server_version_20h2 | >= 10.0.0 < 10.0.19041.1348 | 10.0.19041.1348 |
Microsoft
Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability
vendor_msrc · 2021-11-09 · CVSS 7.8
CVE-2021-41366 [HIGH] Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely; Older Software Release: Exploitation Less Likely
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5007206
Reference: https://support.microsoft.com/help/5007206
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5007189
Reference: https://support.microsoft.com/help/5007189
Reference: https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB5007186
Reference: https://support.microsoft.com/help/50071
GHSA
GHSA-f57j-p87h-rp4f: Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability
ghsa_unreviewed · 2022-05-24
CVE-2021-41366 [HIGH] CWE-269 GHSA-f57j-p87h-rp4f: Credential Security Support Provider Protocol (CredSSP) Elevation of Privilege Vulnerability
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-11-10