5.5
CVE-2021-31955
- EPSS 14.56%
- Veröffentlicht 08.06.2021 23:15:08
- Zuletzt bearbeitet 07.03.2025 21:54:07
- Quelle secure@microsoft.com
- Teams Watchlist Login
- Unerledigt Login
Windows Kernel Information Disclosure Vulnerability
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Microsoft ≫ Windows 10 1809 Version < 10.0.17763.1999
Microsoft ≫ Windows 10 1909 Version < 10.0.18363.1621
Microsoft ≫ Windows 10 2004 Version < 10.0.19041.1052
Microsoft ≫ Windows 10 20h2 Version < 10.0.19042.1052
Microsoft ≫ Windows 10 21h1 Version < 10.0.19043.1052
Microsoft ≫ Windows Server 2004 Version < 10.0.19041.1052
Microsoft ≫ Windows Server 2019 Version < 10.0.17763.1999
Microsoft ≫ Windows Server 20h2 Version < 10.0.19042.1052
03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog
Microsoft Windows Kernel Information Disclosure Vulnerability
SchwachstelleMicrosoft Windows Kernel contains an unspecified vulnerability that allows for information disclosure. Successful exploitation allows attackers to read the contents of kernel memory from a user-mode process.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 14.56% | 0.942 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:P/I:N/A:N
|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| secure@microsoft.com | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere
The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.