CVE-2021-31166
Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability
- Severity Score: 9.8 (CVSS v3.1)
- Public Exploits: 10 (Multiple Sources)
- Exploited in Wild: Yes (KEV)
Descriptions
HTTP Protocol Stack Remote Code Execution Vulnerability
A Remote Code Execution vulnerability in the HTTP Protocol Stack
Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution.
*Credits:
N/A
Timeline
- 2021-04-14 CVE Reserved
- 2021-05-11 CVE Published
- 2021-05-17 First Exploit
- 2022-04-06 Exploited in Wild
- 2022-04-27 KEV Due Date
- 2024-08-03 CVE Updated
- 2024-10-14 EPSS Updated
CWE
- CWE-416: Use After Free
References (15)
URL | Date | SRC |
---|---|---|
https://github.com/0vercl0k/CVE-2021-31166 | 2021-05-21 | |
https://github.com/antx-code/CVE-2021-31166 | 2021-11-04 | |
https://github.com/corelight/CVE-2021-31166 | 2021-05-28 | |
https://github.com/y0g3sh-99/CVE-2021-31166-Exploit | 2021-07-03 | |
https://github.com/zecopro/CVE-2021-31166 | 2021-05-19 | |
https://github.com/zha0gongz1/CVE-2021-31166 | 2021-05-17 | |
https://github.com/mauricelambert/CVE-2021-31166 | 2022-03-16 | |
https://github.com/mvlnetdev/CVE-2021-31166-detection-rules | 2022-02-26 | |
https://github.com/imikoYa/CVE-2021-31166-exploit | 2021-10-20 | |
https://github.com/bgsilvait/WIn-CVE-2021-31166 | 2021-05-23 | |
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31166 | 2024-07-09 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Microsoft | Windows 10 2004 | < 10.0.19041.982 | - | Affected |
Microsoft | Windows 10 20h2 | < 10.0.19042.982 | - | Affected |
Microsoft | Windows Server 2004 | < 10.0.19041.982 | - | Affected |
Microsoft | Windows Server 20h2 | < 10.0.19042.982 | - | Affected |