CVE-2021-36955

HIGH KEV RANSOMWARE

Windows Common Log File System Driver - Privilege Escalation

Title source: llm

Exploitation Summary

CVE-2021-36955 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021, with confirmed use in ransomware campaigns. EIP tracks 1 public exploit from researchers including JiaJinRong12138.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2021-36955, a local privilege escalation vulnerability in Windows. The code demonstrates kernel memory manipulation and token stealing techniques to elevate privileges.

Description

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Exploits (1)

nomisec WORKING POC 14 stars
by JiaJinRong12138 · local
https://github.com/JiaJinRong12138/CVE-2021-36955-EXP

Classification: Working PoC 90%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Microsoft Windows (specific versions affected by CVE-2021-36955)
No auth needed
Prerequisites: Local access to a vulnerable Windows system
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 7.8
EPSS 0.0305
EPSS Percentile 85.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2021-11-03
VulnCheck KEV 2021-11-03
InTheWild.io 2021-11-03
ENISA EUVD EUVD-2021-23531
Ransomware Use Confirmed
Status published
Products (18)
microsoft/windows_10_1507 < 10.0.10240.19060
microsoft/windows_10_1607 < 10.0.14393.4651
microsoft/windows_10_1809 < 10.0.17763.2183
microsoft/windows_10_1909 < 10.0.18363.1801
microsoft/windows_10_2004 < 10.0.19041.1237
microsoft/windows_10_20h2 < 10.0.19042.1237
microsoft/windows_10_21h1 < 10.0.19043.1237
microsoft/windows_7
microsoft/windows_8.1
microsoft/windows_rt_8.1
... and 8 more
Published Sep 15, 2021
KEV Added Nov 03, 2021
Tracked Since Feb 18, 2026