CVE-2021-36942 (GCVE-0-2021-36942)
Vulnerability from cvelistv5 – Published: 2021-08-12 18:12 – Updated: 2025-10-21 23:25Title
Windows LSA Spoofing Vulnerability
Summary
Windows LSA Spoofing Vulnerability
Severity
SSVC
Exploitation: active
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- Spoofing
- CWE-noinfo Not enough information
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://www.kb.cert.org/vuls/id/405600 | third-party-advisoryx_refsource_CERT-VN |
| https://portal.msrc.microsoft.com/en-US/security-… | x_refsource_MISC |
| https://www.cisa.gov/known-exploited-vulnerabilit… | government-resource |
Impacted products
15 products
| Vendor | Product | Version | |
|---|---|---|---|
| Microsoft | Windows Server 2019 |
Affected:
10.0.0 , < 10.0.17763.2114
(custom)
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2019 (Server Core installation) |
Affected:
10.0.0 , < 10.0.17763.2114
(custom)
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server version 2004 |
Affected:
10.0.0 , < 10.0.19041.1165
(custom)
cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1165:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server version 20H2 |
Affected:
10.0.0 , < 10.0.19042.1165
(custom)
cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1165:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2016 |
Affected:
10.0.0 , < 10.0.14393.4583
(custom)
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4583:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2016 (Server Core installation) |
Affected:
10.0.0 , < 10.0.14393.4583
(custom)
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4583:*:*:*:*:*:*:* |
|
| Microsoft | Windows Server 2008 Service Pack 2 |
Affected:
6.0.0 , < 6.0.6003.21192
(custom)
cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2008 Service Pack 2 (Server Core installation) |
Affected:
6.0.0 , < 6.0.6003.21192
(custom)
cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x64:* cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x86:* |
|
| Microsoft | Windows Server 2008 Service Pack 2 |
Affected:
6.0.0 , < 6.0.6003.21192
(custom)
cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x86:* |
|
| Microsoft | Windows Server 2008 R2 Service Pack 1 |
Affected:
6.1.0 , < 6.1.7601.25685
(custom)
cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25685:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2008 R2 Service Pack 1 (Server Core installation) |
Affected:
6.0.0 , < 6.1.7601.25685
(custom)
cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25685:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2012 |
Affected:
6.2.0 , < 6.2.9200.23435
(custom)
cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23435:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2012 (Server Core installation) |
Affected:
6.2.0 , < 6.2.9200.23435
(custom)
cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23435:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2012 R2 |
Affected:
6.3.0 , < 6.3.9600.20094
(custom)
cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20094:*:*:*:*:*:x64:* |
|
| Microsoft | Windows Server 2012 R2 (Server Core installation) |
Affected:
6.3.0 , < 6.3.9600.20094
(custom)
cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20094:*:*:*:*:*:x64:* |
Date Public
2021-08-10 07:00
CISA
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: e1463297-cf69-468a-abd8-12b943e2e53e
Exploited: Yes
Timestamps
First Seen: 2021-11-03
Asserted: 2021-11-03
Scope
Notes: KEV entry: Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability allowing an unauthenticated attacker to call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-36942
Evidence
Type: Vendor Report
Signal: Successful Exploitation
Confidence: 80%
Source: cisa-kev
Details
| Cwes | CWE-749 |
|---|---|
| Feed | CISA Known Exploited Vulnerabilities Catalog |
| Product | Windows |
| Due Date | 2021-11-17 |
| Date Added | 2021-11-03 |
| Vendorproject | Microsoft |
| Vulnerabilityname | Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability |
| Knownransomwarecampaignuse | Known |
References
Created: 2026-02-02 12:28 UTC
| Updated: 2026-02-06 07:17 UTC
KEVIntel
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 046b8994-f1fa-42f3-a718-dfab6278c48f
Exploited: Yes
Timestamps
First Seen: 2021-11-03
Asserted: 2021-11-03
Scope
Notes: KEVIntel entry: Windows LSA Spoofing Vulnerability | Affected: Microsoft / Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server version 2004, Windows Server version 20H2, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) | CVSS: 7.5 (HIGH) | Used in malware: yes | Not yet in CISA KEV: False
Evidence
Type: Public Report
Signal: Confirmed Compromise
Confidence: 70%
Source: kevintel
Details
| Feed | KEVIntel (kevintel.com) |
|---|---|
| Title | Windows LSA Spoofing Vulnerability |
| Vendor | Microsoft |
| Product | Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server version 2004, Windows Server version 20H2, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation) |
| Added Date | 2021-11-03T00:00:00.000Z |
| Cvss Score | 7.5 |
| Epss Score | None |
| Cvss Severity | HIGH |
| Epss Percentile | None |
| Used In Malware | yes |
| Ahead Of Cisa Kev | None |
| Not Yet In Cisa Kev | False |
References
Created: 2026-06-19 12:47 UTC
| Updated: 2026-06-19 12:47 UTC
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:09:07.553Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#405600",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/405600"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36942"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-36942",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T14:49:20.734286Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-36942"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:25:38.482Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-36942"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00.000Z",
"value": "CVE-2021-36942 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.2114",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2019 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.17763.2114",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1165:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server version 2004",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19041.1165",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1165:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server version 20H2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.19042.1165",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4583:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.4583",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4583:*:*:*:*:*:*:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2016 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "10.0.14393.4583",
"status": "affected",
"version": "10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x64:*"
],
"platforms": [
"32-bit Systems"
],
"product": "Windows Server 2008 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.6003.21192",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x64:*",
"cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x86:*"
],
"platforms": [
"32-bit Systems",
"x64-based Systems"
],
"product": "Windows Server 2008 Service Pack 2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.6003.21192",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x86:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2008 Service Pack 2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.6003.21192",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25685:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2008 R2 Service Pack 1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.1.7601.25685",
"status": "affected",
"version": "6.1.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25685:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2008 R2 Service Pack 1 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.1.7601.25685",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23435:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.23435",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23435:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.2.9200.23435",
"status": "affected",
"version": "6.2.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20094:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.20094",
"status": "affected",
"version": "6.3.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20094:*:*:*:*:*:x64:*"
],
"platforms": [
"x64-based Systems"
],
"product": "Windows Server 2012 R2 (Server Core installation)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.3.9600.20094",
"status": "affected",
"version": "6.3.0",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-08-10T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Windows LSA Spoofing Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Spoofing",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-28T19:53:59.348Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "VU#405600",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "https://www.kb.cert.org/vuls/id/405600"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36942"
}
],
"title": "Windows LSA Spoofing Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2021-36942",
"datePublished": "2021-08-12T18:12:29.000Z",
"dateReserved": "2021-07-19T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:25:38.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2021-36942",
"cwes": "[\"CWE-749\"]",
"dateAdded": "2021-11-03",
"dueDate": "2021-11-17",
"knownRansomwareCampaignUse": "Known",
"notes": "https://nvd.nist.gov/vuln/detail/CVE-2021-36942",
"product": "Windows",
"requiredAction": "Apply updates per vendor instructions.",
"shortDescription": "Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability allowing an unauthenticated attacker to call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM.",
"vendorProject": "Microsoft",
"vulnerabilityName": "Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability"
},
"epss": {
"cve": "CVE-2021-36942",
"date": "2026-06-22",
"epss": "0.66023",
"percentile": "0.99176"
},
"fkie_nvd": {
"cisaActionDue": "2021-11-17",
"cisaExploitAdd": "2021-11-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability",
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.19041.1165\", \"matchCriteriaId\": \"C90BEC5F-E0A8-43C5-BB0D-251D19BFD66B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*\", \"matchCriteriaId\": \"5F422A8C-2C4E-42C8-B420-E0728037E15C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*\", \"matchCriteriaId\": \"AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB18C4CE-5917-401E-ACF7-2747084FD36E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.14393.4583\", \"matchCriteriaId\": \"11769DC8-BD9F-4526-8B53-5380327930FB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.17763.2114\", \"matchCriteriaId\": \"61219C24-A1AE-427F-BBF8-A984BCB1CA6F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_20h2:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.0.19042.1165\", \"matchCriteriaId\": \"45A85E4C-6C7A-4B72-832D-AC12A78565C3\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Windows LSA Spoofing Vulnerability\"}, {\"lang\": \"es\", \"value\": \"Una Vulnerabilidad de suplantaci\\u00f3n de identidad en Windows LSA\"}]",
"id": "CVE-2021-36942",
"lastModified": "2024-11-21T06:14:21.103",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"secure@microsoft.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:P/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2021-08-12T18:15:10.000",
"references": "[{\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36942\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/405600\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"US Government Resource\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36942\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://www.kb.cert.org/vuls/id/405600\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\", \"US Government Resource\"]}]",
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-36942\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2021-08-12T18:15:10.000\",\"lastModified\":\"2025-10-30T19:13:17.557\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Windows LSA Spoofing Vulnerability\"},{\"lang\":\"es\",\"value\":\"Una Vulnerabilidad de suplantaci\u00f3n de identidad en Windows LSA\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secure@microsoft.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2021-11-03\",\"cisaActionDue\":\"2021-11-17\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2004:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.19041.1165\",\"matchCriteriaId\":\"C90BEC5F-E0A8-43C5-BB0D-251D19BFD66B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F422A8C-2C4E-42C8-B420-E0728037E15C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*\",\"matchCriteriaId\":\"AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7DF96F8-BA6A-4780-9CA3-F719B3F81074\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB18C4CE-5917-401E-ACF7-2747084FD36E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.14393.4583\",\"matchCriteriaId\":\"11769DC8-BD9F-4526-8B53-5380327930FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.17763.2114\",\"matchCriteriaId\":\"61219C24-A1AE-427F-BBF8-A984BCB1CA6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_20h2:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.0.19042.1165\",\"matchCriteriaId\":\"45A85E4C-6C7A-4B72-832D-AC12A78565C3\"}]}]}],\"references\":[{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36942\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/405600\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36942\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/405600\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-36942\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.kb.cert.org/vuls/id/405600\", \"name\": \"VU#405600\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT-VN\", \"x_transferred\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36942\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-04T01:09:07.553Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-36942\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-04T14:49:20.734286Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2021-11-03\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-36942\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2021-11-03T00:00:00.000Z\", \"value\": \"CVE-2021-36942 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-36942\", \"tags\": [\"government-resource\"]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"description\": \"CWE-noinfo Not enough information\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-04T14:49:10.146Z\"}}], \"cna\": {\"title\": \"Windows LSA Spoofing Vulnerability\", \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C\"}, \"scenarios\": [{\"lang\": \"en-US\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server 2019\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.17763.2114\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server 2019 (Server Core installation)\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.17763.2114\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_2004:10.0.19041.1165:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server version 2004\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.19041.1165\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_20H2:10.0.19042.1165:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server version 20H2\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.19042.1165\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4583:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server 2016\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.14393.4583\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4583:*:*:*:*:*:*:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server 2016 (Server Core installation)\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.0.0\", \"lessThan\": \"10.0.14393.4583\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x64:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server 2008 Service Pack 2\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.0.0\", \"lessThan\": \"6.0.6003.21192\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x64:*\", \"cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x86:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server 2008 Service Pack 2 (Server Core installation)\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.0.0\", \"lessThan\": \"6.0.6003.21192\", \"versionType\": \"custom\"}], \"platforms\": [\"32-bit Systems\", \"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_2008_sp2:6.0.6003.21192:*:*:*:*:*:x86:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server 2008 Service Pack 2\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.0.0\", \"lessThan\": \"6.0.6003.21192\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25685:*:*:*:*:*:x64:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server 2008 R2 Service Pack 1\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.1.0\", \"lessThan\": \"6.1.7601.25685\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_2008_R2:6.1.7601.25685:*:*:*:*:*:x64:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server 2008 R2 Service Pack 1 (Server Core installation)\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.0.0\", \"lessThan\": \"6.1.7601.25685\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23435:*:*:*:*:*:x64:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server 2012\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.2.0\", \"lessThan\": \"6.2.9200.23435\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_2012:6.2.9200.23435:*:*:*:*:*:x64:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server 2012 (Server Core installation)\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.2.0\", \"lessThan\": \"6.2.9200.23435\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20094:*:*:*:*:*:x64:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server 2012 R2\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.3.0\", \"lessThan\": \"6.3.9600.20094\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}, {\"cpes\": [\"cpe:2.3:o:microsoft:windows_server_2012_R2:6.3.9600.20094:*:*:*:*:*:x64:*\"], \"vendor\": \"Microsoft\", \"product\": \"Windows Server 2012 R2 (Server Core installation)\", \"versions\": [{\"status\": \"affected\", \"version\": \"6.3.0\", \"lessThan\": \"6.3.9600.20094\", \"versionType\": \"custom\"}], \"platforms\": [\"x64-based Systems\"]}], \"datePublic\": \"2021-08-10T07:00:00.000Z\", \"references\": [{\"url\": \"https://www.kb.cert.org/vuls/id/405600\", \"name\": \"VU#405600\", \"tags\": [\"third-party-advisory\", \"x_refsource_CERT-VN\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36942\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en-US\", \"value\": \"Windows LSA Spoofing Vulnerability\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en-US\", \"type\": \"Impact\", \"description\": \"Spoofing\"}]}], \"providerMetadata\": {\"orgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"shortName\": \"microsoft\", \"dateUpdated\": \"2023-12-28T19:53:59.348Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2021-36942\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:25:38.482Z\", \"dateReserved\": \"2021-07-19T00:00:00.000Z\", \"assignerOrgId\": \"f38d906d-7342-40ea-92c1-6c4a2c6478c8\", \"datePublished\": \"2021-08-12T18:12:29.000Z\", \"assignerShortName\": \"microsoft\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…