CVE-2021-1647 - Vulnerability Details

Microsoft Defender Remote Code Execution Vulnerability

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is in the KEV database since Nov. 3, 2021.

Exploitation active

Automatable no

Technical Impact total

Vendors	Products
Microsoft	Security Essentials System Center Endpoint Protection Windows 10 1507 Windows 10 1607 Windows 10 1803 Windows 10 1809 Windows 10 1909 Windows 10 2004 Windows 10 20h2 Windows 7 Windows 8.1 Windows Defender Windows Rt 8.1 Windows Server 1909 Windows Server 2004 Windows Server 2008 Windows Server 2012 Windows Server 2016 Windows Server 2019 Windows Server 20h2

Configuration 1 [-]

AND

cpe:2.3:a:microsoft:windows_defender:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:microsoft:windows_10_1507:-:::::::*
	cpe:2.3:o:microsoft:windows_10_1607:-:::::::*
	cpe:2.3:o:microsoft:windows_10_1803:-:::::::*
	cpe:2.3:o:microsoft:windows_10_1809:-:::::::*
	cpe:2.3:o:microsoft:windows_10_1909:-:::::::*
	cpe:2.3:o:microsoft:windows_10_2004:-:::::::*
	cpe:2.3:o:microsoft:windows_10_20h2:-:::::::*
	cpe:2.3:o:microsoft:windows_7:-:sp1::::::
	cpe:2.3:o:microsoft:windows_8.1:-:::::::*
	cpe:2.3:o:microsoft:windows_rt_8.1:-:::::::*
	cpe:2.3:o:microsoft:windows_server_1909:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2004:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2008:-:sp2::::::
	cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:::::x64:*
	cpe:2.3:o:microsoft:windows_server_2012:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2012:r2:::::::*
	cpe:2.3:o:microsoft:windows_server_2016:-:::::::*
	cpe:2.3:o:microsoft:windows_server_2019:-:::::::*
	cpe:2.3:o:microsoft:windows_server_20h2:-:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:microsoft:security_essentials:-:::::::*
	cpe:2.3:a:microsoft:system_center_endpoint_protection:-:::::::*
	cpe:2.3:a:microsoft:system_center_endpoint_protection:2012:-::::::
	cpe:2.3:a:microsoft:system_center_endpoint_protection:2012:r2::::::

No data.

References

Link	Providers
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1647
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1647

History

Tue, 04 Feb 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2021-11-03'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1647

Wed, 09 Oct 2024 15:00:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-20	NVD-CWE-noinfo

Tue, 08 Oct 2024 17:45:00 +0000

Type	Values Removed	Values Added
References	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1647

Tue, 08 Oct 2024 16:30:00 +0000

Type	Values Removed	Values Added
References		https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1647

MITRE

Status: PUBLISHED

Assigner: microsoft

Published: 2021-01-12T19:42:01.000Z

Updated: 2025-02-04T19:24:39.285Z

Reserved: 2020-12-02T00:00:00.000Z

Link: CVE-2021-1647

Vulnrichment

Updated: 2024-08-03T16:18:11.008Z

NVD

Status : Modified

Published: 2021-01-12T20:15:30.727

Modified: 2024-11-21T05:44:48.307

Link: CVE-2021-1647

Redhat

No data.

{"containers": {"cna": {"title": "Microsoft Defender Remote Code Execution Vulnerability", "datePublic": "2021-01-12T08:00:00.000Z", "affected": [{"vendor": "Microsoft", "product": "Microsoft System Center Endpoint Protection", "cpes": ["cpe:2.3:a:microsoft:system_center_endpoint_protection:-:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "N/A", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft System Center 2012 R2 Endpoint Protection", "cpes": ["cpe:2.3:a:microsoft:system_center_endpoint_protection:2012:r2:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "N/A", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft Security Essentials", "cpes": ["cpe:2.3:a:microsoft:security_essentials:-:*:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "N/A", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Microsoft System Center 2012 Endpoint Protection", "cpes": ["cpe:2.3:a:microsoft:system_center_endpoint_protection:2012:-:*:*:*:*:*:*"], "platforms": ["Unknown"], "versions": [{"version": "N/A", "status": "affected"}]}, {"vendor": "Microsoft", "product": "Windows Defender", "cpes": ["cpe:2.3:a:microsoft:windows_defender:-:*:*:*:*:*:*:*"], "platforms": ["Windows 10 Version 1803 for 32-bit Systems", "Windows 10 Version 1803 for x64-based Systems", "Windows 10 Version 1803 for ARM64-based Systems", "Windows 10 Version 1809 for 32-bit Systems", "Windows 10 Version 1809 for x64-based Systems", "Windows 10 Version 1809 for ARM64-based Systems", "Windows Server 2019", "Windows Server 2019 (Server Core installation)", "Windows 10 Version 1909 for 32-bit Systems", "Windows 10 Version 1909 for x64-based Systems", "Windows 10 Version 1909 for ARM64-based Systems", "Windows Server, version 1909 (Server Core installation)", "Windows 10 Version 2004 for 32-bit Systems", "Windows 10 Version 2004 for ARM64-based Systems", "Windows 10 Version 2004 for x64-based Systems", "Windows Server, version 2004 (Server Core installation)", "Windows 10 Version 20H2 for 32-bit Systems", "Windows 10 Version 20H2 for ARM64-based Systems", "Windows Server, version 20H2 (Server Core Installation)", "Windows 10 for 32-bit Systems", "Windows 10 for x64-based Systems", "Windows 10 Version 1607 for 32-bit Systems", "Windows 10 Version 1607 for x64-based Systems", "Windows Server 2016", "Windows Server 2016 (Server Core installation)", "Windows 7 for 32-bit Systems Service Pack 1", "Windows 7 for x64-based Systems Service Pack 1", "Windows 8.1 for 32-bit systems", "Windows 8.1 for x64-based systems", "Windows RT 8.1", "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)", "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2012", "Windows Server 2012 (Server Core installation)", "Windows Server 2012 R2", "Windows Server 2012 R2 (Server Core installation)"], "versions": [{"version": "N/A", "status": "affected"}]}], "descriptions": [{"value": "Microsoft Defender Remote Code Execution Vulnerability", "lang": "en-US"}], "problemTypes": [{"descriptions": [{"description": "Remote Code Execution", "lang": "en-US", "type": "Impact"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2024-10-08T16:17:02.566Z"}, "references": [{"name": "Microsoft Defender Remote Code Execution Vulnerability", "tags": ["vendor-advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1647"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "baseSeverity": "HIGH", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"}}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:18:11.008Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1647"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-1647", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-01-24T15:56:07.173473Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2021-11-03", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-1647"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-04T19:24:39.285Z"}}]}, "cveMetadata": {"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "assignerShortName": "microsoft", "cveId": "CVE-2021-1647", "datePublished": "2021-01-12T19:42:01.000Z", "dateReserved": "2020-12-02T00:00:00.000Z", "dateUpdated": "2025-02-04T19:24:39.285Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1647", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T16:18:11.008Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-1647", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-01-24T15:56:07.173473Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2021-11-03", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-1647"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-noinfo Not enough information"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-04T19:22:35.635Z"}}], "cna": {"title": "Microsoft Defender Remote Code Execution Vulnerability", "metrics": [{"format": "CVSS", "cvssV3_1": {"version": "3.1", "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"cpes": ["cpe:2.3:a:microsoft:system_center_endpoint_protection:-:*:*:*:*:*:*:*"], "vendor": "Microsoft", "product": "Microsoft System Center Endpoint Protection", "versions": [{"status": "affected", "version": "N/A"}], "platforms": ["Unknown"]}, {"cpes": ["cpe:2.3:a:microsoft:system_center_endpoint_protection:2012:r2:*:*:*:*:*:*"], "vendor": "Microsoft", "product": "Microsoft System Center 2012 R2 Endpoint Protection", "versions": [{"status": "affected", "version": "N/A"}], "platforms": ["Unknown"]}, {"cpes": ["cpe:2.3:a:microsoft:security_essentials:-:*:*:*:*:*:*:*"], "vendor": "Microsoft", "product": "Microsoft Security Essentials", "versions": [{"status": "affected", "version": "N/A"}], "platforms": ["Unknown"]}, {"cpes": ["cpe:2.3:a:microsoft:system_center_endpoint_protection:2012:-:*:*:*:*:*:*"], "vendor": "Microsoft", "product": "Microsoft System Center 2012 Endpoint Protection", "versions": [{"status": "affected", "version": "N/A"}], "platforms": ["Unknown"]}, {"cpes": ["cpe:2.3:a:microsoft:windows_defender:-:*:*:*:*:*:*:*"], "vendor": "Microsoft", "product": "Windows Defender", "versions": [{"status": "affected", "version": "N/A"}], "platforms": ["Windows 10 Version 1803 for 32-bit Systems", "Windows 10 Version 1803 for x64-based Systems", "Windows 10 Version 1803 for ARM64-based Systems", "Windows 10 Version 1809 for 32-bit Systems", "Windows 10 Version 1809 for x64-based Systems", "Windows 10 Version 1809 for ARM64-based Systems", "Windows Server 2019", "Windows Server 2019 (Server Core installation)", "Windows 10 Version 1909 for 32-bit Systems", "Windows 10 Version 1909 for x64-based Systems", "Windows 10 Version 1909 for ARM64-based Systems", "Windows Server, version 1909 (Server Core installation)", "Windows 10 Version 2004 for 32-bit Systems", "Windows 10 Version 2004 for ARM64-based Systems", "Windows 10 Version 2004 for x64-based Systems", "Windows Server, version 2004 (Server Core installation)", "Windows 10 Version 20H2 for 32-bit Systems", "Windows 10 Version 20H2 for ARM64-based Systems", "Windows Server, version 20H2 (Server Core Installation)", "Windows 10 for 32-bit Systems", "Windows 10 for x64-based Systems", "Windows 10 Version 1607 for 32-bit Systems", "Windows 10 Version 1607 for x64-based Systems", "Windows Server 2016", "Windows Server 2016 (Server Core installation)", "Windows 7 for 32-bit Systems Service Pack 1", "Windows 7 for x64-based Systems Service Pack 1", "Windows 8.1 for 32-bit systems", "Windows 8.1 for x64-based systems", "Windows RT 8.1", "Windows Server 2008 for 32-bit Systems Service Pack 2", "Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)", "Windows Server 2008 R2 for x64-based Systems Service Pack 1", "Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)", "Windows Server 2012", "Windows Server 2012 (Server Core installation)", "Windows Server 2012 R2", "Windows Server 2012 R2 (Server Core installation)"]}], "datePublic": "2021-01-12T08:00:00.000Z", "references": [{"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1647", "name": "Microsoft Defender Remote Code Execution Vulnerability", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en-US", "value": "Microsoft Defender Remote Code Execution Vulnerability"}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "Impact", "description": "Remote Code Execution"}]}], "providerMetadata": {"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "shortName": "microsoft", "dateUpdated": "2024-10-08T16:17:02.566Z"}}}, "cveMetadata": {"cveId": "CVE-2021-1647", "state": "PUBLISHED", "dateUpdated": "2025-02-04T19:24:39.285Z", "dateReserved": "2020-12-02T00:00:00.000Z", "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8", "datePublished": "2021-01-12T19:42:01.000Z", "assignerShortName": "microsoft"}, "dataVersion": "5.1"}

{"cisaActionDue": "2021-11-17", "cisaExploitAdd": "2021-11-03", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Microsoft Defender Remote Code Execution Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:windows_defender:-:*:*:*:*:*:*:*", "matchCriteriaId": "794244D1-F317-44C8-8338-3DA74E71D4B0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:*:*", "matchCriteriaId": "542DAEEC-73CC-46C6-A630-BF474A3446AC", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:*:*", "matchCriteriaId": "61019899-D7AF-46E4-A72C-D189180F66AB", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:*:*", "matchCriteriaId": "00345596-E9E0-4096-8DC6-0212F4747A13", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1809:-:*:*:*:*:*:*:*", "matchCriteriaId": "2E332666-2E03-468E-BC30-299816D6E8ED", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_10_1909:-:*:*:*:*:*:*:*", "matchCriteriaId": "A1B570A8-ED1A-46B6-B8AB-064445F8FC4C", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_10_2004:-:*:*:*:*:*:*:*", "matchCriteriaId": "D4DBE5B2-AE10-4251-BCDA-DC5EDEE6EE67", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_10_20h2:-:*:*:*:*:*:*:*", "matchCriteriaId": "6AFD13A6-A390-4400-9029-2F4058CA17E2", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*", "matchCriteriaId": "C2B1C231-DE19-4B8F-A4AA-5B3A65276E46", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*", "matchCriteriaId": "C6CE5198-C498-4672-AF4C-77AB4BE06C5C", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_1909:-:*:*:*:*:*:*:*", "matchCriteriaId": "ADE7E7B1-64AC-4986-A50B-0918A42C05BB", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2004:-:*:*:*:*:*:*:*", "matchCriteriaId": "62224791-644C-4D1F-AD77-56B16CF27630", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*", "matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*", "matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*", "matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_server_20h2:-:*:*:*:*:*:*:*", "matchCriteriaId": "84F9B6B1-4FEE-4D4B-B35F-B07822CCD669", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:microsoft:security_essentials:-:*:*:*:*:*:*:*", "matchCriteriaId": "20FBA682-B703-4590-98E4-8897EED11DE0", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:system_center_endpoint_protection:-:*:*:*:*:*:*:*", "matchCriteriaId": "194DE421-9536-4001-9A27-6C88805421EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:system_center_endpoint_protection:2012:-:*:*:*:*:*:*", "matchCriteriaId": "410C8132-8953-4A2E-AF04-BBB4044BA64C", "vulnerable": true}, {"criteria": "cpe:2.3:a:microsoft:system_center_endpoint_protection:2012:r2:*:*:*:*:*:*", "matchCriteriaId": "D2D1AAB8-A55D-404A-A431-7F4A0201F488", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Microsoft Defender Remote Code Execution Vulnerability"}, {"lang": "es", "value": "Una Vulnerabilidad de Ejecuci\u00f3n de C\u00f3digo Remota de Microsoft Defender"}], "id": "CVE-2021-1647", "lastModified": "2024-11-21T05:44:48.307", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "secure@microsoft.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Secondary"}]}, "published": "2021-01-12T20:15:30.727", "references": [{"source": "secure@microsoft.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1647"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1647"}], "sourceIdentifier": "secure@microsoft.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation active

Automatable no

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object