CVE-2021-36949
HIGHMicrosoft Azure Active Directory Connect 1.3.20.0-1.6.11.3 - Authentication Bypass
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2021-36949. PoCs published by Maxwitat.
AI-analyzed exploit summary This PowerShell script checks if the installed Azure AD Connect version is vulnerable to CVE-2021-36949 by querying the global settings and comparing the version number. It also checks if AutoUpgrade is enabled but does not exploit the vulnerability.
Description
Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability
Exploits (1)
nomisec
SCANNER
3 stars
by Maxwitat · poc
https://github.com/Maxwitat/Check-AAD-Connect-for-CVE-2021-36949-vulnerability
This PowerShell script checks if the installed Azure AD Connect version is vulnerable to CVE-2021-36949 by querying the global settings and comparing the version number. It also checks if AutoUpgrade is enabled but does not exploit the vulnerability.
Classification
Scanner 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:
Azure AD Connect versions 1.6.4.0 and 2.0.3.0
Auth required
Prerequisites:
Access to the server where Azure AD Connect is installed · PowerShell execution privileges
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026
Full analysis →
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36949
Scores
CVSS v3
7.1
EPSS
0.0120
EPSS Percentile
64.4%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-287
Status
published
Products (2)
microsoft/azure_active_directory_connect
1.3.20.0 - 1.6.11.3
microsoft/azure_active_directory_connect_provisioning_agent
< 1.1.582.0
Published
Aug 12, 2021
Tracked Since
Feb 18, 2026