CVE-2022-21971

Published Feb 9, 2022

Last updated 24 days ago

Exploit known CVSS high 7.8

Overview

Description: Windows Runtime Remote Code Execution Vulnerability
Source: secure@microsoft.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Known exploits

Data from CISA

Vulnerability name: Microsoft Windows Runtime Remote Code Execution Vulnerability
Exploit added on: Aug 18, 2022
Exploit action due: Sep 8, 2022
Required action: Apply updates per vendor instructions.

Weaknesses

nvd@nist.gov: CWE-824
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-824

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F47D7D57-5C24-46D8-A515-8007757F5498",
            "versionEndExcluding": "10.0.17763.2565"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3BF8B084-27DC-4F86-B801-B62FE796FF50",
            "versionEndExcluding": "10.0.18363.2094"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B3D9A9C7-8331-4549-9153-65BDD758A583",
            "versionEndExcluding": "10.0.19042.1526"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B40311C2-4ED8-4B9A-B9B5-2CCAB28EEA66",
            "versionEndExcluding": "10.0.19043.1526"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "05511CD6-CBAB-4534-A8E3-B846ECC3DDFF",
            "versionEndExcluding": "10.0.19044.1526"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B3F7AF6-7251-4EF7-B044-99699E97B5C9",
            "versionEndExcluding": "10.0.22000.493"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5E25CB9-F0C4-44F2-A302-41D2C7C9DB4A",
            "versionEndExcluding": "10.0.17763.2565"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97C266DC-3AD4-4593-A9A8-27F6D5E61AED",
            "versionEndExcluding": "10.0.20348.524"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_20h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5161F88-F831-4E07-A54F-E3E7A019A355",
            "versionEndExcluding": "10.0.19042.1526"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Known exploits

Weaknesses

Social media

Configurations

References