cbcvebase.
CVE-2021-42278
published 2021-11-10

CVE-2021-42278: Active Directory Domain Services Elevation of Privilege Vulnerability

high7.5CVSS 3.1
AVNACHPRLUINSUCHIHAH
KEVITW
CISA Known Exploited Vulnerabilitydue 2022-05-02
Exploited in the wild
Active Directory Domain Services Elevation of Privilege Vulnerability

Affected

27 ranges· showing 25
VendorProductVersion rangeFixed in
microsoftwindows_server_2004< 10.0.19041.134810.0.19041.1348
microsoftwindows_server_2008
microsoftwindows_server_2008_r2_service_pack_1>= 6.0.0 < 6.1.7601.257696.1.7601.25769
microsoftwindows_server_2008_r2_service_pack_1>= 6.1.0 < 6.1.7601.257696.1.7601.25769
microsoftwindows_server_2008_service_pack_2>= 6.0.0 < 6.0.6003.212826.0.6003.21282
microsoftwindows_server_2012
microsoftwindows_server_2012>= 6.2.0 < 6.2.9200.235176.2.9200.23517
microsoftwindows_server_2012_r2>= 6.3.0 < 6.3.9600.201746.3.9600.20174
microsoftwindows_server_2016< 10.0.14393.477010.0.14393.4770
microsoftwindows_server_2016>= 10.0.0 < 10.0.14393.477010.0.14393.4770
microsoftwindows_server_2019< 10.0.17763.230010.0.17763.2300
microsoftwindows_server_2019>= 10.0.0 < 10.0.17763.230010.0.17763.2300
microsoftwindows_server_2022< 10.0.20348.35010.0.20348.350
microsoftwindows_server_2022>= 10.0.0 < 10.0.20348.35010.0.20348.350
microsoftwindows_server_20h2< 10.0.19042.134810.0.19042.1348
microsoftwindows_server_version_2004>= 10.0.0 < 10.0.19041.134810.0.19041.1348
microsoftwindows_server_version_20h2>= 10.0.0 < 10.0.19042.134810.0.19042.1348
msrcwindows_server_2008_for_32-bit_systems_service_pack_2
msrcwindows_server_2008_for_x64-based_systems_service_pack_2
msrcwindows_server_2008_r2_for_x64-based_systems_service_pack_1
msrcwindows_server_2012
msrcwindows_server_2012_r2
msrcwindows_server_2016
msrcwindows_server_2019
msrcwindows_server_2022

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
vulncheck7.5HIGH
cisa7.5HIGH