CVE-2021-36942

HIGH KEV RANSOMWARE

Windows LSA - Privilege Escalation

Title source: llm

Description

Windows LSA Spoofing Vulnerability

Exploits (2)

metasploit WORKING POC

by GILLES Lionel, Spencer McIntyre · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/dcerpc/petitpotam.rb

View Code ZIP pw:eip

patchapalooza WORKING POC

by topotam · remote

https://github.com/topotam/PetitPotam

View Code ZIP pw:eip

References (3)

[Patch, Vendor Advisory] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36942

[Exploit, Third Party Advisory, US Government Resource] https://www.kb.cert.org/vuls/id/405600

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-36942

Scores

CVSS v3 7.5

EPSS 0.9373

EPSS Percentile 99.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CISA KEV 2021-11-03

VulnCheck KEV 2021-08-24

InTheWild.io 2021-08-23

ENISA EUVD EUVD-2021-23518

Ransomware Use Confirmed

Status published

Products (8)

microsoft/windows_server_2004 < 10.0.19041.1165

microsoft/windows_server_2008

microsoft/windows_server_2008 r2 sp1

microsoft/windows_server_2012

microsoft/windows_server_2012 r2

microsoft/windows_server_2016 < 10.0.14393.4583

microsoft/windows_server_2019 < 10.0.17763.2114

microsoft/windows_server_20h2 < 10.0.19042.1165

Published Aug 12, 2021

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026