Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-24038

Summary
Assigner-facebook
Assigner Org ID-4fc57720-52fe-4431-a0fb-3d2c8747b827
Published At-18 Aug, 2021 | 23:35
Updated At-03 Aug, 2024 | 19:21
Rejected At-
Credits

Due to a bug with management of handles in OVRServiceLauncher.exe, an attacker could expose a privileged process handle to an unprivileged process, leading to local privilege escalation. This issue affects Oculus Desktop versions after 1.39 and prior to 31.1.0.67.507.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:facebook
Assigner Org ID:4fc57720-52fe-4431-a0fb-3d2c8747b827
Published At:18 Aug, 2021 | 23:35
Updated At:03 Aug, 2024 | 19:21
Rejected At:
▼CVE Numbering Authority (CNA)

Due to a bug with management of handles in OVRServiceLauncher.exe, an attacker could expose a privileged process handle to an unprivileged process, leading to local privilege escalation. This issue affects Oculus Desktop versions after 1.39 and prior to 31.1.0.67.507.

Affected Products
Vendor
FacebookFacebook
Product
Oculus Desktop
Versions
Affected
  • From unspecified before 31.1.0.67.507 (custom)
Unaffected
  • From 31.1.0.67.507 before unspecified (custom)
  • From unspecified through 1.39 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-269CWE-269: Improper Privilege Management
Type: CWE
CWE ID: CWE-269
Description: CWE-269: Improper Privilege Management
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.facebook.com/security/advisories/cve-2021-24038
x_refsource_CONFIRM
Hyperlink: https://www.facebook.com/security/advisories/cve-2021-24038
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.facebook.com/security/advisories/cve-2021-24038
x_refsource_CONFIRM
x_transferred
Hyperlink: https://www.facebook.com/security/advisories/cve-2021-24038
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve-assign@fb.com
Published At:19 Aug, 2021 | 16:15
Updated At:27 Aug, 2021 | 13:38

Due to a bug with management of handles in OVRServiceLauncher.exe, an attacker could expose a privileged process handle to an unprivileged process, leading to local privilege escalation. This issue affects Oculus Desktop versions after 1.39 and prior to 31.1.0.67.507.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.04.6MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 4.6
Base severity: MEDIUM
Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
Oculus
oculus
>>desktop>>Versions from 1.39(inclusive) to 31.1.0.67.507(exclusive)
cpe:2.3:a:oculus:desktop:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-269Primarynvd@nist.gov
CWE-269Secondarycve-assign@fb.com
CWE ID: CWE-269
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-269
Type: Secondary
Source: cve-assign@fb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.facebook.com/security/advisories/cve-2021-24038cve-assign@fb.com
Third Party Advisory
Hyperlink: https://www.facebook.com/security/advisories/cve-2021-24038
Source: cve-assign@fb.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

701Records found
CVE-2023-51776
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.37%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 00:00
Updated-13 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper privilege management in Jungo WinDriver before 12.1.0 allows local attackers to escalate privileges and execute arbitrary code.

Action-Not Available
Vendor-jungon/aMitsubishi Electric Corporation
Product-mr_configuratorfr_configurator2mrzjw3-mc2-utlsw1dnc-qsccf-bcpu_module_logging_configuration_toolsw1dnc-mnetg-bcw_configuratorgt_got1000numerical_control_device_communicationsw1dnc-ccief-b_firmwareiq_workssw1dnc-ccief-j_firmwaremx_opc_server_da\/uasw1dnd-emsdk-bwindriverezsocketmi_configuratorsw1dnc-ccbd2-b_firmwaredata_transfersw1dnc-ccbd2-bgt_softgot2000gx_developersw1dnc-mnetg-b_firmwaremr_configurator2gt_got2000sw1dnc-ccief-jdata_transfer_classicgenesis64gx_works2gt_softgot1000sw1dnc-qsccf-b_firmwaresw1dnd-emsdk-b_firmwarert_toolbox3mrzjw3-mc2-utl_firmwaregx_works3sw1dnc-ccief-bfr_configurator_sw3gx_logviewerpx_developer\/monitor_toolmx_componentsw0dnc-mneth-bsw0dnc-mneth-b_firmwarert_visualboxn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-34511
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.25% / 47.98%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 17:54
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Installer Elevation of Privilege Vulnerability

Windows Installer Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-34471
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.25% / 47.98%
||
7 Day CHG~0.00%
Published-12 Aug, 2021 | 18:11
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Windows Defender Elevation of Privilege Vulnerability

Microsoft Windows Defender Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-malware_protection_engineMicrosoft Malware Protection Engine
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-34514
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.40% / 60.05%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 17:54
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-34456
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.70%
||
7 Day CHG~0.00%
Published-16 Jul, 2021 | 20:19
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-50700
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.03% / 6.82%
||
7 Day CHG~0.00%
Published-26 Jul, 2024 | 00:00
Updated-02 Aug, 2024 | 22:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure Permissions vulnerability in Deepin dde-file-manager 6.0.54 and earlier allows privileged operations to be called by unprivileged users via the D-Bus method.

Action-Not Available
Vendor-n/adeepin
Product-n/adde_file_manager
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-3439
Matching Score-4
Assigner-HP Inc.
ShareView Details
Matching Score-4
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.08%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 21:39
Updated-27 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities.

Action-Not Available
Vendor-HP Inc.
Product-zhan_86_pro_g2_microtower_\(rom_family_ssid_843c\)288_pro_g4_microtower_\(rom_family_ssid_843c\)proone_600_g4_21.5-inch_touch_all-in-one_business_pc290_g2_small_form_factor_\(rom_family_ssid_8768\)_firmwareelitebook_x360_1040_g7_firmwareelite_slice_g2_with_microsoft_teams_roomszbook_15_g4probook_450_g3prodesk_600_g5_small_form_factor_pczhan_66_pro_15_g2_firmwareproone_490_g3_\(rom_family_ssid_81b7\)zhan_86_pro_g1_microtower_pcelitedesk_800_g2_tower_pceliteone_1000_g1_23.8-in_touch_all-in-one_business_pcprobook_430_g7elitedesk_800_35w_g4_desktop_mini_pc_firmware288_pro_g5_microtower_\(rom_family_ssid_86e9\)_firmwarez4_g4_workstation_\(core-x\)_firmwareelitebook_x360_1030_g7_firmwaredesktop_pro_g1_microtower_\(rom_family_ssid_843c\)_firmwareelitebook_840_g3elitebook_x360_1030_g4_firmware288_pro_g6_microtower_\(rom_family_ssid_8948\)zhan_66_pro_13_g2elitebook_folio_g1_firmwareeliteone_800_g2_23-inch_non-touch_all-in-one_pc_firmwareprobook_430_g8probook_440_g8probook_x360_11_g4_education_edition_firmwarezbook_17_g6zbook_firefly_15_g7engage_flex_pro_retail_systemzbook_17_g3256_g4_firmwareelite_sliceproone_440_g3_\(rom_family_ssid_81b7\)z2_small_form_factor_g5240_g6probook_640_g3prodesk_400_g6_small_form_factor_pcelitedesk_800_g6_tower_pc200_g3_all-in-one_\(rom_family_ssid_8431\)prodesk_600_g5_desktop_mini_pc340s_g7_firmwareelitedesk_800_g4_tower_pcelitebook_1040_g3240_g4z2_mini_g5_firmwaredesktop_pro_g2_microtower_pc_firmwareprobook_640_g4_firmwarezbook_studio_g7_firmwaremt31_thin_client_firmwareprodesk_600_g2_microtower_pc290_g4_microtower_\(rom_family_ssid_8948\)_firmwareprobook_440_g3prodesk_600_g3_desktop_mini_pc_firmwarez240_tower_firmwaredesktop_pro_g3406_microtower_pc_firmwareeliteone_800_g3_23.8_non-touch_healthcare_edition_all-in-one_business_pc_firmwareelite_x2_1012_g1218_pro_g5_microtower_pcspectre_pro_13_g1_firmwareelite_x2_1012_g1_tabletmt31_thin_clientzbook_studio_x360_g5_firmwareeliteone_1000_g1_34-in_curved_all-in-one_business_pc_firmware260_g3_desktop_mini_pcprobook_450_g8_firmwareprobook_650_g7probook_430_g3280_pro_g3_microtower_pcelitedesk_880_g2_tower_pc_firmwareprodesk_400_g3_desktop_mini_pc_firmwareelitedesk_800_35w_g2_desktop_mini_pc_firmwaremp9_g2_retail_system_firmware340_g3elite_slice_g2_with_zoom_rooms_firmware288_pro_g6_microtower_\(rom_family_ssid_877e\)_firmware200_pro_g4_22_all-in-one_pc_\(rom_family_ssid_86f8\)z2_mini_g3290_g2_small_form_factor_\(rom_family_ssid_86e9\)stream_11_pro_g4z2_tower_g4_firmwareeliteone_1000_g2_27-in_4k_uhd_all-in-one_business_pc_firmwareelitedesk_800_g2_tower_pc_firmwareengage_flex_pro_retail_system_firmware346_g3_firmwareprodesk_400_g3_desktop_mini_pcengage_flex_pro-c_retail_system_firmwareproone_440_g5_23.8-in_all-in-one_business_pc_firmwarezbook_15v_g5_mobile_workstationelitedesk_800_g4_small_form_factor_pceliteone_800_g5_23.8-in_healthcare_edition_all-in-oneprobook_x360_11_g6_education_edition_firmwareprodesk_480_g4_microtower_pcelite_dragonfly_g2engage_one_pro_aio_system_firmwarezbook_14u_g5probook_430_g4prodesk_480_g7_pci_microtower_pc280_g5_small_form_factor_\(rom_family_ssid_86e9\)engage_gomobile_systemprobook_430_g7_firmwarezbook_14u_g4246_g6_firmware280_pro_g3_microtower_pc_firmwareeliteone_800_g2_23-inch_touch_all-in-one_pc280_pro_g4_microtower_\(rom_family_ssid_843c\)_firmwarez1_entry_tower_g5280_g3_small_form_factor_\(rom_family_ssid_843f\)_firmware290_g4_microtower_\(rom_family_ssid_877e\)probook_x360_11_g5_education_edition_firmwaredesktop_pro_g2_microtower_pcprodesk_480_g6_microtower_pc_firmwarez640_workstation_firmwareeliteone_800_g3_23.8_non-touch_healthcare_edition_all-in-one_business_pc250_g5z2_tower_g5_firmwareeliteone_800_g3_23.8-inch_non-touch_gpu_all-in-one_pc258_g6_firmwareelitedesk_800_g5_tower_pcprodesk_400_g4_desktop_mini_pc_firmware256_g4desktop_pro_g3_firmwareprodesk_600_g6_small_form_factor_pc_firmwareelitebook_x360_1040_g6elitedesk_800_g6_desktop_mini_pc_firmwarez240_small_form_factorelite_dragonflyzhan_x_13_g2348_g5zhan_66_pro_14_g3eliteone_800_g6_24_all-in-one_pc260_g4_desktop_mini_pc_firmwareprodesk_680_g4_microtower_pc_\(with_pci_slot\)zbook_15u_g6zcentral_4rprobook_630_g8zbook_15_g3_firmwarezhan_99_pro_g1_microtower_\(rom_family_ssid_843c\)_firmware200_g3_all-in-one_\(rom_family_ssid_8431\)_firmwaremt22_thin_client_firmwareeliteone_800_g4_23.8-inch_touch_gpu_all-in-one_pc280_g3_small_form_factor_\(rom_family_ssid_843f\)probook_450_g4engage_one_all-in-one_systemprobook_630_g8_firmwareelitebook_1030_g1_firmwareengage_one_pro_aio_systemeliteone_800_g3_23.8-inch_touch_all-in-one_pcengage_gomobile_system_firmwaremt21_thin_client_firmwareprobook_446_g3256_g5zhan_66_pro_g1_r_microtower_pc_firmwareprodesk_600_g4_small_form_factor_pcspectre_pro_x360_g2256_g5_firmwareprobook_640_g8_firmware288_pro_g6_microtower_\(rom_family_ssid_8948\)_firmware340_g5_firmwareprodesk_400_g6_microtower_pcelitedesk_800_g3_small_form_factor_pc290_g2_small_form_factor_\(rom_family_ssid_86e9\)_firmwarestream_11_pro_g5elite_slice_g2_-_partner_ready_with_microsoft_teams_rooms240_g7_firmwareelitebook_840_g3_firmware240_g4_firmware246_g4probook_430_g5_firmware346_g4290_g1_small_form_factor_\(rom_family_ssid_843f\)_firmwareelite_x2_g4prodesk_400_g5_small_form_factor_pc_firmwareprodesk_480_g4_microtower_pc_firmwarez240_small_form_factor_firmwareelite_slice_firmwarezbook_power_g7_firmwarezhan_66_pro_15_g3290_g3_\(rom_family_ssid_86e9\)_firmwarez2_tower_g5zbook_14u_g4_firmwareproone_400_g3_20-inch_non-touch_all-in-one_pcz2_small_form_factor_g4_firmwaremt20_thin_client_firmwareprodesk_600_g4_small_form_factor_pc_firmwareprodesk_400_g7_microtower_pc_firmwareprobook_x360_11_g5_education_editionz1_all-in-one_g3_firmwarezbook_studio_g4_firmwareelitebook_828_g4_firmwaredesktop_pro_g2z840_workstation250_g6elitebook_x360_1040_g5_firmwareprodesk_680_g6_pci_microtower_pc_firmwareeliteone_800_g4_23.8-inch_non-touch_gpu_all-in-one_pcelitebook_x360_1040_g6_firmwareprodesk_600_g5_microtower_pc_\(with_pci_slot\)_firmwareelite_slice_g2_with_intel_uniteproone_400_g4_20-inch_non-touch_all-in-one_business_pc_firmware250_g5_firmwarezhan_66_pro_14_g4_firmwarezhan_66_pro_g1eliteone_800_g2_23-inch_touch_all-in-one_pc_firmware348_g4probook_430_g3_firmwareelitedesk_800_65w_g2_desktop_mini_pc_firmwarezbook_fury_15_g7_firmwareprobook_440_g4288_pro_g3_microtower250_g4_firmwareprodesk_600_g3_small_form_factor_pc_firmwareelitebook_840_g6zbook_15_g5z238_microtower_firmwarezbook_studio_g4mt21_thin_clientprodesk_680_g3_microtower_pcelitebook_828_g3prodesk_680_g4_microtower_pc_firmwareelitedesk_800_35w_g4_desktop_mini_pczbook_15u_g3470_g7elitedesk_800_g5_desktop_mini_pcprodesk_680_g2_microtower_pc_firmwareelitebook_x360_1040_g7z238_microtowerprodesk_400_g4_desktop_mini_pcprodesk_600_g6_small_form_factor_pcstream_11_pro_g4_firmwareproone_440_g4_23.8-inch_non-touch_all-in-one_business_pc_firmware205_pro_g4_22_all-in-one_pc_\(rom_family_ssid_86f8\)_firmwareprobook_470_g4elitebook_848_g3zhan_66_pro_g3_24_all-in-one_pc_firmware250_g6_firmwareprodesk_600_g6_microtower_pceliteone_800_g4_23.8-inch_touch_all-in-one_pc_firmwareelite_x2_1012_g2elitebook_840_g6_firmwarez2_tower_g4probook_440_g4_firmware280_g4_small_form_factor_\(rom_family_ssid_86e9\)_firmwareprodesk_400_g5_desktop_mini_pcsprout_pro_by_g2240_g7elitebook_848_g3_firmwarezhan_66_pro_g1_firmwareelitebook_1050_g1prodesk_600_g4_microtower_pc_firmwareprodesk_600_g3_microtower_pc_firmwareproone_600_g2_21.5-inch_non-touch_all-in-one_pcelitebook_x360_830_g6_firmwarezbook_create_g7proone_440_g4_23.8-inch_non-touch_all-in-one_business_pcproone_600_g6_22_all-in-one_pceliteone_1000_g1_23.8-in_all-in-one_business_pcprodesk_480_g5_microtower_pcelitebook_840_g5_healthcare_editionelitedesk_800_g6_small_form_factor_pc_firmwareprodesk_400_g2_desktop_mini_pcelitedesk_800_g4_workstation_edition_firmwareelitedesk_800_g3_tower_pc_firmwarezhan_66_pro_g1_microtower_pc_firmwareprobook_470_g3zbook_14u_g6_firmwareprobook_x360_11_g3_education_editionprobook_x360_440_g1_firmwareelitedesk_800_g4_tower_pc_firmwareelitebook_x360_1030_g3probook_x360_11_g2_education_edition_firmwareelitedesk_800_65w_g2_desktop_mini_pcprodesk_400_g5_small_form_factor_pc282_pro_g4_microtower_\(rom_family_ssid_843c\)proone_440_g3_\(rom_family_ssid_81b7\)_firmwareprodesk_600_g2_desktop_mini_pceliteone_800_g3_23.8-inch_non-touch_all-in-one_pc_firmwareprobook_450_g7406_microtower_pcprodesk_600_g2_microtower_pc_firmwareelitebook_850_g3_firmwareprodesk_600_g6_pci_microtower_pcelitedesk_880_g3_tower_pc_firmwareproone_600_g5_21.5-in_all-in-one_business_pcz2_mini_g4prodesk_680_g4_microtower_pc_\(with_pci_slot\)_firmwareprobook_650_g8_firmwareprobook_446_g3_firmwarezbook_15_g4_firmwareelitebook_x360_1030_g4proone_600_g3_21.5-inch_non-touch_all-in-one_pc_firmwareelitebook_848_g4_firmwareelitedesk_800_g6_desktop_mini_pcdesktop_pro_microtower_pczhan_66_pro_15_g2280_g3_microtower_pc_firmwareelitedesk_800_g4_workstation_edition290_g1_small_form_factor_\(rom_family_ssid_843f\)proone_440_g5_23.8-in_all-in-one_business_pcelitebook_850_g4zhan_66_pro_g3_24_all-in-one_pc348_g3_firmwareelite_dragonfly_max205_g4_22_all-in-one_pc_\(rom_family_ssid_86f0\)_firmwareproone_400_g2_20-inch_touch_all-in-one_pc280_g5_small_form_factor_\(rom_family_ssid_86e9\)_firmwareelitedesk_800_35w_g3_desktop_mini_pc_firmwareelitedesk_800_g6_tower_pc_firmwareprodesk_600_g6_microtower_pc_firmware246_g7zbook_15_g6elitedesk_880_g6_tower_pc_firmwareprodesk_600_g3_desktop_mini_pczbook_studio_g5elitebook_1040_g3_firmware280_g3_pci_microtower_pcelite_x2_1012_g2_firmwarezbook_15v_g5_mobile_workstation_firmwarerp9_g1_retail_systemprobook_650_g4elitebook_848_g4eliteone_800_g2_23-inch_non-touch_all-in-one_pceliteone_800_g4_23.8-inch_touch_gpu_all-in-one_pc_firmwareprobook_640_g4prodesk_400_g4_microtower_pcelitedesk_800_35w_g2_desktop_mini_pcprodesk_600_g5_small_form_factor_pc_firmware256_g7_firmware288_pro_g3_microtower_firmwareelitebook_1030_g1200_pro_g4_22_all-in-one_pc_\(rom_family_ssid_86f8\)_firmwarez1_entry_tower_g6_firmwareelitebook_840_g6_healthcare_edition_firmwarezbook_15u_g4_firmwareproone_400_g4_23.8-inch_non-touch_all-in-one_business_pcpro_x2_612_g2_firmware200_g4_22_all-in-one_pc_\(rom_family_ssid_86f8\)_firmware340_g4_firmwareprobook_640_g7280_g5_microtower_\(rom_family_ssid_877e\)_firmwareprobook_450_g5_firmwaremt22_thin_clientz1_entry_tower_g6zbook_fury_17_g7340_g7_firmwarezbook_15u_g5258_g7elitedesk_800_65w_g3_desktop_mini_pcelitedesk_880_g2_tower_pceliteone_800_g3_23.8-inch_non-touch_gpu_all-in-one_pc_firmwareengage_one_all-in-one_system_firmwareelite_x2_g4_firmwarezbook_15u_g3_firmwarezhan_66_pro_14_g3_firmwareeliteone_1000_g2_23.8-in_touch_all-in-one_business_pcproone_400_g6_24_all-in-one_pc_firmware282_pro_g5_microtower_\(rom_family_ssid_86e9\)_firmware290_g4_microtower_\(rom_family_ssid_8948\)elitebook_830_g5prodesk_480_g5_microtower_pc_firmwaredesktop_pro_g2_firmwareelite_slice_for_meeting_roomsz240_tower280_g4_small_form_factor_\(rom_family_ssid_86e9\)mt20_thin_clientelitebook_folio_g1desktop_pro_300_g3zbook_17_g4proone_400_g2_20-inch_non-touch_all-in-one_pc_firmwaremp9_g4_retail_systemelitebook_840_g5_firmwarez2_small_form_factor_g5_firmwarezbook_14u_g6prodesk_400_g4_small_form_factor_pcprodesk_600_g4_desktop_mini_pc_firmwarezhan_86_pro_g2_microtower_\(rom_family_ssid_843c\)_firmware250_g7_firmwareeliteone_1000_g2_27-in_4k_uhd_all-in-one_business_pceliteone_800_g4_23.8-inch_non-touch_all-in-one_pc_firmwareelitebook_1040_g4282_pro_g3_microtower_pcelitedesk_800_95w_g4_desktop_mini_pc_firmwareproone_600_g3_21.5-inch_non-touch_all-in-one_pc348_g3prodesk_400_g4_small_form_factor_pc_firmwareprobook_470_g4_firmwarerp9_g1_retail_system_firmwareprodesk_680_g6_pci_microtower_pc280_g4_microtower_\(rom_family_ssid_843c\)_firmwareproone_400_g2_20-inch_touch_all-in-one_pc_firmware348_g5_firmware282_pro_g5_microtower_\(rom_family_ssid_86e9\)205_pro_g4_22_all-in-one_pc_\(rom_family_ssid_86f8\)zhan_66_pro_15_g3_firmwareproone_600_g6_22_all-in-one_pc_firmware282_pro_g3_microtower_pc_firmwareelitebook_x360_830_g7elitebook_x360_1030_g3_firmware280_pro_g6_microtower_\(rom_family_ssid_8948\)_firmwareeliteone_800_g4_23.8-inch_non-touch_gpu_all-in-one_pc_firmwareelitebook_846_g5_firmwareprodesk_600_g3_microtower_pcelite_dragonfly_g2_firmware260_g4_desktop_mini_pcproone_400_g5_23.8-inch_all-in-one_business_pc246_g5256_g6_firmware288_pro_g6_microtower_\(rom_family_ssid_877e\)probook_440_g5prodesk_600_g4_microtower_pcproone_400_g4_23.8-inch_non-touch_all-in-one_business_pc_firmwareproone_600_g4_21.5-inch_touch_all-in-one_business_pc_firmwarezbook_studio_g5_firmware205_g4_22_all-in-one_pc_\(rom_family_ssid_86f0\)elitedesk_880_g3_tower_pczbook_fury_15_g7prodesk_680_g3_microtower_pc_firmwareprobook_650_g3200_pro_g4_22_all-in-one_pc_\(rom_family_ssid_86f0\)probook_640_g5_firmwareprobook_650_g2elitebook_x360_1040_g8prodesk_400_g6_small_form_factor_pc_firmwareelitedesk_800_65w_g4_desktop_mini_pc_firmwarez_vr_backpack_g1348_g7200_g4_22_all-in-one_pc_\(rom_family_ssid_86f8\)eliteone_800_g3_23.8-inch_touch_gpu_all-in-one_pc_firmwareelitebook_828_g4348_g7_firmwareprobook_650_g2_firmwarezbook_15_g3proone_600_g5_21.5-in_all-in-one_business_pc_firmware288_pro_g5_microtower_\(rom_family_ssid_86e9\)eliteone_1000_g2_34-in_curved_all-in-one_business_pcprobook_450_g7_firmwareprobook_650_g4_firmware240_g6_firmware280_pro_g3_small_form_factor_\(rom_family_ssid_843f\)probook_640_g7_firmwarez2_mini_g4_firmwareelitebook_830_g6_firmwareproone_400_g5_20-inch_all-in-one_business_pc_firmwareprobook_430_g6_firmwareprodesk_600_g5_microtower_pc_firmwareeliteone_1000_g1_27-in_4k_uhd_all-in-one_business_pc_firmwareelitedesk_880_g6_tower_pcelitebook_x360_1030_g8zbook_create_g7_firmwareeliteone_800_g6_27_all-in-one_pcprodesk_600_g6_desktop_mini_pczbook_17_g6_firmwareelitedesk_800_g2_small_form_factor_pc_firmwarez_vr_backpack_g1_firmwareelitebook_840_g7zhan_66_pro_g1_microtower_pcz6_g4_workstationzbook_studio_g7elitebook_x360_1030_g2_firmware218_pro_g5_microtower_pc_firmware340_g4282_pro_g4_microtower_\(rom_family_ssid_843c\)_firmwarezhan_66_pro_14_g2elite_slice_g2_-_audio_ready_with_zoom_roomsz4_g4_workstation_\(xeon_w\)_firmwarepro_x2_612_g2z1_all-in-one_g3240_g5prodesk_400_g5_microtower_pcelitebook_850_g3prodesk_400_g5_microtower_pc_firmwareeliteone_800_g5_23.8-inch_all-in-one_firmwareelitedesk_880_g4_tower_pcelitedesk_800_g4_small_form_factor_pc_firmwareprobook_640_g3_firmwarez2_mini_g3_firmwaret430_thin_client_firmwareprobook_430_g4_firmwareprodesk_400_g6_desktop_mini_pc_firmware280_pro_g3_small_form_factor_\(rom_family_ssid_843f\)_firmwareproone_400_g3_20-inch_touch_all-in-one_pcengage_flex_pro-c_retail_systemprobook_650_g3_firmwareprobook_470_g5258_g6elitedesk_880_g5_tower_pc_firmware240_g5_firmware205_g4_22_all-in-one_pc_\(rom_family_ssid_86f8\)_firmwareelitebook_x360_1030_g2elitebook_830_g7elite_dragonfly_max_firmwarespectre_pro_x360_g2_firmwareprodesk_400_g4_microtower_pc_firmwarezbook_x2_g4_firmwareelite_slice_for_meeting_rooms_firmwareproone_490_g3_\(rom_family_ssid_82dc\)340_g7z6_g4_workstation_firmwareprodesk_600_g4_desktop_mini_pc280_g4_small_form_factor_\(rom_family_ssid_8768\)290_g3_\(rom_family_ssid_86e9\)prodesk_600_g5_desktop_mini_pc_firmwareprobook_650_g5prodesk_600_g5_microtower_pcelitebook_x360_1020_g2_firmwareproone_400_g4_20-inch_non-touch_all-in-one_business_pcz8_g4_workstation_firmwareeliteone_800_g5_23.8-in_healthcare_edition_all-in-one_firmwareprobook_440_g7eliteone_1000_g1_27-in_4k_uhd_all-in-one_business_pc260_g2_desktop_mini340_g5proone_600_g2_21.5-inch_touch_all-in-one_pc_firmwareprobook_640_g8elitebook_830_g5_firmwareprodesk_680_g4_microtower_pc282_pro_g6_microtower_\(rom_family_ssid_8948\)346_g3mp9_g4_retail_system_firmwareprobook_650_g8elitebook_836_g6_firmware280_g3_pci_microtower_pc_firmwareelitedesk_800_g5_small_form_factor_pc_firmwareproone_400_g5_23.8-inch_all-in-one_business_pc_firmwareprobook_640_g2elitebook_850_g6_firmwaremp9_g2_retail_systemprobook_440_g3_firmware346_g4_firmwareelitebook_846_g5zbook_firefly_15_g7_firmwareprobook_440_g6282_pro_g6_microtower_\(rom_family_ssid_8948\)_firmwareproone_490_g3_\(rom_family_ssid_81b7\)_firmwaredesktop_pro_300_g3_firmware340_g3_firmwareelitedesk_800_g3_tower_pczbook_studio_x360_g5elitebook_x360_830_g7_firmwareproone_400_g6_20_all-in-one_pc205_pro_g4_22_all-in-one_pc_\(rom_family_ssid_86f0\)eliteone_800_g3_23.8-inch_touch_all-in-one_pc_firmwarezhan_66_pro_g1_r_microtower_pcelitebook_840_g4_firmware250_g4probook_450_g8zbook_17_g5eliteone_800_g4_23.8-in_healthcare_edition_all-in-one_business_pczbook_firefly_14_g7probook_640_g5zbook_17_g5_firmwareelitebook_850_g5246_g7_firmwareprodesk_600_g6_pci_microtower_pc_firmware200_g3_all-in-one_\(rom_family_ssid_84de\)_firmwareelitebook_840_g5eliteone_800_g4_23.8-in_healthcare_edition_all-in-one_business_pc_firmwarezbook_15u_g5_firmwareprobook_650_g7_firmwarezhan_66_pro_14_g4eliteone_1000_g1_23.8-in_all-in-one_business_pc_firmwareeliteone_800_g6_27_all-in-one_pc_firmwareelitebook_850_g7zbook_15_g6_firmwareprodesk_400_g7_small_form_factor_pc_firmwareelitebook_840_g5_healthcare_edition_firmwareprobook_x360_11_g3_education_edition_firmwareproone_600_g2_21.5-inch_non-touch_all-in-one_pc_firmwarezbook_15u_g6_firmwareelitedesk_800_65w_g3_desktop_mini_pc_firmware260_g2_desktop_mini_firmwareelitedesk_880_g5_tower_pcelite_x2_1013_g3_firmwareelitedesk_800_95w_g4_desktop_mini_pcelite_slice_g2_-_partner_ready_with_microsoft_teams_rooms_firmwareproone_400_g5_20-inch_all-in-one_business_pcelitedesk_800_g3_small_form_factor_pc_firmware280_pro_g6_microtower_\(rom_family_ssid_8948\)elitebook_x360_1040_g5elitebook_x360_1040_g8_firmwareelitebook_x360_830_g5_firmwareproone_400_g6_24_all-in-one_pcz640_workstation280_g3_microtower_pcproone_480_g3_20-inch_non-touch_all-in_one_pcproone_400_g3_20-inch_non-touch_all-in-one_pc_firmwareelite_dragonfly_firmwareelitebook_840_g4stream_11_pro_g5_firmwarez4_g4_workstation_\(core-x\)zhan_66_pro_14_g2_firmwareelitebook_820_g3_firmwarezbook_15_g5_firmware290_g2_microtower_\(rom_family_ssid_843c\)_firmwareeliteone_800_g5_23.8-inch_all-in-oneprobook_450_g5elite_slice_g2_with_intel_unite_firmwaret638_thin_client_firmwarez840_workstation_firmwareelitebook_840r_g4_firmwareprodesk_600_g3_small_form_factor_pcprobook_x360_11_g6_education_editioneliteone_800_g3_23.8-inch_touch_gpu_all-in-one_pct638_thin_client280_pro_g4_microtower_\(rom_family_ssid_843c\)256_g7elitedesk_880_g4_tower_pc_firmwareprodesk_600_g2_small_form_factor_pc_firmwareelitedesk_800_g5_desktop_mini_pc_firmwareelitebook_840r_g4elitebook_836_g5_firmwareeliteone_1000_g2_23.8-in_touch_all-in-one_business_pc_firmware246_g6elitebook_x360_1030_g7290_g1_microtower_pczhan_x_13_g2_firmwareeliteone_1000_g2_34-in_curved_all-in-one_business_pc_firmware246_g5_firmwareeliteone_800_g3_23.8-inch_non-touch_all-in-one_pcz8_g4_workstationelite_x2_1013_g3200_g4_22_all-in-one_pc_\(rom_family_ssid_86f0\)desktop_pro_g1_microtower_\(rom_family_ssid_843c\)elitedesk_800_65w_g4_desktop_mini_pcelitebook_850_g4_firmwareprobook_430_g6elitedesk_800_g2_small_form_factor_pcprodesk_400_g6_microtower_pc_firmwareelite_slice_g2_with_microsoft_teams_rooms_firmwarezhan_99_pro_g1_microtower_\(rom_family_ssid_843c\)elitedesk_800_g6_small_form_factor_pcprobook_470_g3_firmwareprobook_450_g4_firmwareelitebook_850_g6470_g7_firmware290_g4_microtower_\(rom_family_ssid_877e\)_firmware200_pro_g4_22_all-in-one_pc_\(rom_family_ssid_86f0\)_firmwareelitedesk_800_35w_g3_desktop_mini_pcprodesk_480_g6_microtower_pc280_g5_microtower_\(rom_family_ssid_877e\)probook_640_g2_firmwarezbook_fury_17_g7_firmwareelitebook_820_g4_firmwareelitebook_820_g4elitebook_836_g6elitebook_x360_830_g5290_g1_microtower_pc_firmware290_g2_small_form_factor_\(rom_family_ssid_8768\)probook_x360_11_g2_education_editionproone_440_g6_24_all-in-one_pc_firmwareproone_440_g3_\(rom_family_ssid_82dc\)_firmwareeliteone_1000_g1_34-in_curved_all-in-one_business_pcelitebook_836_g5prodesk_400_g5_desktop_mini_pc_firmwareprodesk_400_g2_desktop_mini_pc_firmwareproone_480_g3_20-inch_non-touch_all-in_one_pc_firmwareproone_600_g2_21.5-inch_touch_all-in-one_pcprobook_x360_440_g1proone_400_g3_20-inch_touch_all-in-one_pc_firmwarez4_g4_workstation_\(xeon_w\)z440_workstationz1_entry_tower_g5_firmware205_g4_22_all-in-one_pc_\(rom_family_ssid_86f8\)prodesk_600_g2_desktop_mini_pc_firmwareelitebook_850_g5_firmwareprobook_440_g7_firmwaresprout_pro_by_g2_firmwareelitebook_1040_g4_firmware250_g7zbook_14u_g5_firmware258_g7_firmware205_pro_g4_22_all-in-one_pc_\(rom_family_ssid_86f0\)_firmwareelitedesk_800_g5_tower_pc_firmware288_pro_g4_microtower_\(rom_family_ssid_843c\)_firmwareelite_x2_1012_g1_tablet_firmwareelitebook_x360_830_g6probook_450_g3_firmwareprobook_440_g5_firmwarezbook_17_g3_firmwareelitebook_830_g6elitebook_820_g3zcentral_4r_firmware340s_g7probook_650_g5_firmwareprobook_450_g6z2_small_form_factor_g4zbook_power_g7prodesk_400_g6_desktop_mini_pcprobook_440_g6_firmwareelitebook_828_g3_firmwareeliteone_800_g4_23.8-inch_touch_all-in-one_pcelitebook_850_g7_firmwarezhan_66_pro_g3_22_all-in-one_pc_firmwarez2_mini_g5elitebook_x360_1030_g8_firmwareprobook_11_g2_education_editionzbook_x2_g4zbook_firefly_14_g7_firmwareprodesk_480_g7_pci_microtower_pc_firmwareprodesk_600_g6_desktop_mini_pc_firmware280_g4_microtower_\(rom_family_ssid_843c\)proone_400_g6_20_all-in-one_pc_firmwareprodesk_400_g7_small_form_factor_pcspectre_pro_13_g1elitebook_830_g7_firmwareprobook_470_g5_firmwareelitebook_840_g7_firmwarezhan_66_pro_g3_22_all-in-one_pc200_g3_all-in-one_\(rom_family_ssid_84de\)256_g6260_g3_desktop_mini_pc_firmwareprodesk_600_g5_microtower_pc_\(with_pci_slot\)eliteone_1000_g1_23.8-in_touch_all-in-one_business_pc_firmware280_g4_small_form_factor_\(rom_family_ssid_8768\)_firmware200_g4_22_all-in-one_pc_\(rom_family_ssid_86f0\)_firmwareelite_slice_g2_-_audio_ready_with_zoom_rooms_firmwarez440_workstation_firmware290_g2_microtower_\(rom_family_ssid_843c\)elitedesk_800_g5_small_form_factor_pcproone_440_g6_24_all-in-one_pcprodesk_600_g2_small_form_factor_pczhan_86_pro_g1_microtower_pc_firmwareeliteone_1000_g2_23.8-in_all-in-one_business_pceliteone_800_g4_23.8-inch_non-touch_all-in-one_pcprobook_440_g8_firmwareelitebook_840_g6_healthcare_editioneliteone_800_g6_24_all-in-one_pc_firmwarezbook_17_g4_firmwareprodesk_400_g7_microtower_pct430_thin_clientdesktop_pro_g3_microtower_firmware246_g4_firmwarezhan_66_pro_13_g2_firmwareprobook_450_g6_firmwareprobook_11_g2_education_edition_firmwareelite_slice_g2_with_zoom_roomsproone_440_g3_\(rom_family_ssid_82dc\)elitebook_x360_1020_g2elitebook_1050_g1_firmwareeliteone_1000_g2_23.8-in_all-in-one_business_pc_firmwareprobook_430_g8_firmwareprodesk_680_g2_microtower_pcdesktop_pro_microtower_pc_firmwarezbook_15u_g4proone_400_g2_20-inch_non-touch_all-in-one_pc348_g4_firmwaredesktop_pro_g3_microtowerelite_x2_1012_g1_firmwareproone_490_g3_\(rom_family_ssid_82dc\)_firmwareprobook_x360_11_g4_education_editionprobook_430_g5HP PC BIOS
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-34460
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.32% / 54.15%
||
7 Day CHG~0.00%
Published-16 Jul, 2021 | 20:19
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Storage Spaces Controller Elevation of Privilege Vulnerability

Storage Spaces Controller Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_10windows_server_2019Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows Server 2016Windows 10 Version 20H2Windows 10 Version 2004Windows 10 Version 1507Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-34459
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.30% / 53.16%
||
7 Day CHG~0.00%
Published-16 Jul, 2021 | 20:19
Updated-19 Nov, 2024 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows AppContainer Elevation Of Privilege Vulnerability

Windows AppContainer Elevation Of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_10windows_server_2019Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows Server 2016Windows 10 Version 20H2Windows 10 Version 2004Windows 10 Version 1507Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-30298
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-7||HIGH
EPSS-0.09% / 26.43%
||
7 Day CHG~0.00%
Published-06 Sep, 2022 | 15:10
Updated-25 Oct, 2024 | 13:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper privilege management vulnerability [CWE-269] in Fortinet FortiSOAR before 7.2.1 allows a GUI user who has already found a way to modify system files (via another, unrelated and hypothetical exploit) to execute arbitrary Python commands as root.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortisoarFortinet FortiSOAR
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-31523
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.04% / 11.62%
||
7 Day CHG~0.00%
Published-21 Apr, 2021 | 18:41
Updated-03 Aug, 2024 | 23:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Debian xscreensaver 5.42+dfsg1-1 package for XScreenSaver has cap_net_raw enabled for the /usr/libexec/xscreensaver/sonar file, which allows local users to gain privileges because this is arguably incompatible with the design of the Mesa 3D Graphics library dependency.

Action-Not Available
Vendor-xscreensaver_projectn/a
Product-xscreensavern/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-48418
Matching Score-4
Assigner-Google Devices
ShareView Details
Matching Score-4
Assigner-Google Devices
CVSS Score-10||CRITICAL
EPSS-0.06% / 17.64%
||
7 Day CHG~0.00%
Published-02 Jan, 2024 | 22:25
Updated-03 Jun, 2025 | 14:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
User Build misconfiguration resulting in local escalation of privilege

In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a     possible way to access adb before SUW completion due to an insecure default     value. This could lead to local escalation of privilege with no additional     execution privileges needed. User interaction is not needed for     exploitation

Action-Not Available
Vendor-Google LLC
Product-pixel_watchpixel_watch_firmwarePixel Watch
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-48226
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-0.03% / 6.08%
||
7 Day CHG~0.00%
Published-04 Apr, 2023 | 00:00
Updated-13 Feb, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Acuant AcuFill SDK before 10.22.02.03. During installation, an EXE gets executed out of C:\Windows\Temp. A standard user can create the path file ahead of time and obtain elevated code execution. Permissions need to be modified to prevent manipulation.

Action-Not Available
Vendor-gbgplcn/a
Product-acuant_acufill_sdkn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-31168
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.33% / 55.27%
||
7 Day CHG~0.00%
Published-11 May, 2021 | 19:11
Updated-03 Aug, 2024 | 22:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Container Manager Service Elevation of Privilege Vulnerability

Windows Container Manager Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10Windows Server version 2004Windows 10 Version 2004Windows Server version 20H2Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-37942
Matching Score-4
Assigner-Elastic
ShareView Details
Matching Score-4
Assigner-Elastic
CVSS Score-7||HIGH
EPSS-0.09% / 27.14%
||
7 Day CHG~0.00%
Published-22 Nov, 2023 | 01:33
Updated-04 Aug, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
APM Java Agent Local Privilege Escalation

A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious plugin to an application running the APM Java agent. By using this vulnerability, an attacker could execute code at a potentially higher level of permissions than their user typically has access to.

Action-Not Available
Vendor-Elasticsearch BV
Product-apm_java_agentElastic APM Java Agent
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-29449
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.3||MEDIUM
EPSS-11.36% / 93.28%
||
7 Day CHG~0.00%
Published-14 Apr, 2021 | 22:05
Updated-03 Aug, 2024 | 22:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple Privilege Escalation Vulnerabilities Pihole

Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Multiple privilege escalation vulnerabilities were discovered in version 5.2.4 of Pi-hole core. See the referenced GitHub security advisory for details.

Action-Not Available
Vendor-pi-holepi-hole
Product-pi-holepi-hole
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2024-0674
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-6.3||MEDIUM
EPSS-0.02% / 4.29%
||
7 Day CHG~0.00%
Published-30 Jan, 2024 | 12:19
Updated-29 May, 2025 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines

Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting special code inside the script and creating the done.txt file. This would cause the watchdog process to run as root and execute the payload stored in the updatescript.js.

Action-Not Available
Vendor-lamassuLamassu
Product-douro_firmwaredouro_iidourodouro_ii_firmwareBitcoin ATM Douro machines
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2021-36963
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.39% / 59.52%
||
7 Day CHG+0.09%
Published-15 Sep, 2021 | 11:23
Updated-04 Aug, 2024 | 01:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Common Log File System Driver Elevation of Privilege Vulnerability

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2022windows_server_2019windows_server_2008Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-28322
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.69% / 70.77%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:32
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016visual_studiovisual_studio_2019windows_10visual_studio_2017windows_server_2019Windows 10 Version 2004Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)Windows 10 Version 1809Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Microsoft Visual Studio 2015 Update 3Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2014-9322
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-5.76% / 90.12%
||
7 Day CHG~0.00%
Published-17 Dec, 2014 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.

Action-Not Available
Vendor-n/aopenSUSELinux Kernel Organization, IncSUSERed Hat, Inc.Google LLCCanonical Ltd.
Product-linux_kernelenterprise_linux_eusubuntu_linuxevergreensuse_linux_enterprise_serverandroidn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-12798
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.16% / 37.37%
||
7 Day CHG~0.00%
Published-15 May, 2020 | 17:33
Updated-04 Aug, 2024 | 12:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system policies that can be circumvented to obtain a command prompt via the Windows file dialog that is reachable via the Certificate-Based Authentication option of the Wireless Network Connection screen.

Action-Not Available
Vendor-sun-denshin/a
Product-universal_forensic_extraction_device_touch_2universal_forensic_extraction_device_ruggedized_panasonic_laptopuniversal_forensic_extraction_device_firmwareuniversal_forensic_extraction_device_touch_2_ruggedizedn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-34487
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.10% / 28.06%
||
7 Day CHG~0.00%
Published-12 Aug, 2021 | 18:12
Updated-24 Jul, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Event Tracing Elevation of Privilege Vulnerability

Windows Event Tracing Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2019Windows 10 Version 2004Windows 10 Version 20H2Windows Server 2016Windows Server 2016 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 1607
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-27445
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.03% / 7.00%
||
7 Day CHG~0.00%
Published-21 Dec, 2021 | 17:54
Updated-17 Sep, 2024 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Mesa Labs AmegaView Improper Privilege Management

Mesa Labs AmegaView Versions 3.0 and prior has insecure file permissions that could be exploited to escalate privileges on the device.

Action-Not Available
Vendor-mesalabsMesa Labs
Product-amegaviewAmegaView
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2021-27767
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.53%
||
7 Day CHG~0.00%
Published-06 May, 2022 | 18:10
Updated-16 Sep, 2024 | 20:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL BigFix Platform Console is affected by a Privilege Escalation Vulnerability

The BigFix Console installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-bigfix_platformBigFix Platform
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-34488
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.13% / 33.02%
||
7 Day CHG~0.00%
Published-14 Jul, 2021 | 17:54
Updated-04 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Console Driver Elevation of Privilege Vulnerability

Windows Console Driver Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows Server version 2004Windows Server 2019 (Server Core installation)Windows 10 Version 21H1Windows 10 Version 1809Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-27766
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 12.53%
||
7 Day CHG~0.00%
Published-06 May, 2022 | 18:10
Updated-17 Sep, 2024 | 03:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL BigFix Platform Client is affected by a Privilege Escalation Vulnerability

The BigFix Client installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-bigfix_platformBigFix Platform
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-27483
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.8||HIGH
EPSS-0.04% / 9.70%
||
7 Day CHG~0.00%
Published-16 Jun, 2021 | 12:17
Updated-03 Aug, 2024 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ZOLL Defibrillator Dashboard, v prior to 2.2,The affected products contain insecure filesystem permissions that could allow a lower privilege user to escalate privileges to an administrative level user.

Action-Not Available
Vendor-zolln/a
Product-defibrillator_dashboardZOLL Defibrillator Dashboard
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2023-47145
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-8.4||HIGH
EPSS-0.01% / 2.05%
||
7 Day CHG~0.00%
Published-07 Jan, 2024 | 18:58
Updated-11 Jun, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Db2 for Windows privilege escalation

IBM Db2 for Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow a local user to escalate their privileges to the SYSTEM user using the MSI repair functionality. IBM X-Force ID: 270402.

Action-Not Available
Vendor-IBM CorporationMicrosoft Corporation
Product-windowsdb2Db2db2
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-28313
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.67% / 70.47%
||
7 Day CHG~0.00%
Published-13 Apr, 2021 | 19:32
Updated-03 Aug, 2024 | 21:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016visual_studiovisual_studio_2019windows_10visual_studio_2017windows_server_2019Windows 10 Version 2004Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)Windows 10 Version 1809Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Microsoft Visual Studio 2015 Update 3Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-27077
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-2.39% / 84.41%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 15:50
Updated-03 Aug, 2024 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Win32k Elevation of Privilege Vulnerability

Windows Win32k Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-26863
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7||HIGH
EPSS-0.24% / 46.37%
||
7 Day CHG~0.00%
Published-11 Mar, 2021 | 15:37
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Win32k Elevation of Privilege Vulnerability

Windows Win32k Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows Server version 2004Windows 10 Version 1803Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server, version 1909 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-47101
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 20.51%
||
7 Day CHG~0.00%
Published-30 Oct, 2023 | 00:00
Updated-09 Sep, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The installer (aka openvpn-client-installer) in Securepoint SSL VPN Client before 2.0.40 allows local privilege escalation during installation or repair.

Action-Not Available
Vendor-securepointn/a
Product-openvpn-clientn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-25651
Matching Score-4
Assigner-Avaya, Inc.
ShareView Details
Matching Score-4
Assigner-Avaya, Inc.
CVSS Score-8||HIGH
EPSS-0.10% / 28.57%
||
7 Day CHG~0.00%
Published-24 Jun, 2021 | 08:55
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Avaya Aura Utility Services Privilege Escalation Vulnerability

A privilege escalation vulnerability was discovered in Avaya Aura Utility Services that may potentially allow a local user to escalate privileges. Affects all 7.x versions of Avaya Aura Utility Services

Action-Not Available
Vendor-Avaya LLC
Product-aura_utility_servicesAvaya Aura Utility Services
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-25428
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-7.8||HIGH
EPSS-0.01% / 2.06%
||
7 Day CHG~0.00%
Published-08 Jul, 2021 | 13:43
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation check vulnerability in PackageManager prior to SMR July-2021 Release 1 allows untrusted applications to get dangerous level permission without user confirmation in limited circumstances.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-20
Improper Input Validation
CVE-2021-25377
Matching Score-4
Assigner-Samsung Mobile
ShareView Details
Matching Score-4
Assigner-Samsung Mobile
CVSS Score-3.3||LOW
EPSS-0.04% / 12.31%
||
7 Day CHG~0.00%
Published-09 Apr, 2021 | 17:39
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Intent redirection in Samsung Experience Service versions 10.8.0.4 in Android P(9.0) below, and 12.2.0.5 in Android Q(10.0) above allows attacker to execute privileged action.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidexperience_serviceSamsung Experience Service
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-26441
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.35% / 56.87%
||
7 Day CHG~0.00%
Published-13 Oct, 2021 | 00:26
Updated-03 Aug, 2024 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Storage Spaces Controller Elevation of Privilege Vulnerability

Storage Spaces Controller Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_serverwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_11windows_10windows_server_2022windows_server_2019Windows Server 2022Windows 10 Version 1607Windows Server version 2004Windows 10 Version 21H1Windows Server 2019 (Server Core installation)Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 11 version 21H2Windows 8.1Windows Server 2012 (Server Core installation)Windows Server version 20H2Windows 10 Version 1909Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2012 R2Windows Server 2012Windows Server 2019Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2020-12615
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.15% / 36.76%
||
7 Day CHG~0.00%
Published-12 Dec, 2023 | 00:00
Updated-28 Aug, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When adding the Add Admin token to a process, and specifying that it runs at medium integrity with the user owning the process, this security token can be stolen and applied to arbitrary processes.

Action-Not Available
Vendor-n/aBeyondTrust Corporation
Product-privilege_management_for_windowsn/a
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-25657
Matching Score-4
Assigner-Avaya, Inc.
ShareView Details
Matching Score-4
Assigner-Avaya, Inc.
CVSS Score-7.8||HIGH
EPSS-0.06% / 20.07%
||
7 Day CHG~0.00%
Published-02 Sep, 2022 | 01:05
Updated-17 Sep, 2024 | 01:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Avaya IP Office Privilege Escalation Vulnerability

A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions.

Action-Not Available
Vendor-Avaya LLC
Product-ip_officeIP Office
CWE ID-CWE-269
Improper Privilege Management
CVE-2015-0949
Matching Score-4
Assigner-CERT/CC
ShareView Details
Matching Score-4
Assigner-CERT/CC
CVSS Score-7.8||HIGH
EPSS-0.08% / 23.55%
||
7 Day CHG~0.00%
Published-30 Jan, 2020 | 20:45
Updated-06 Aug, 2024 | 04:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory.

Action-Not Available
Vendor-HPDell Inc.HP Inc.
Product-latitude_e6430elitebook_850_g1latitude_e6430_firmwareelitebook_850_g1_firmwareLatitude E6430EliteBook 850 G1
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-46334
Matching Score-4
Assigner-Proofpoint Inc.
ShareView Details
Matching Score-4
Assigner-Proofpoint Inc.
CVSS Score-7.8||HIGH
EPSS-0.04% / 12.51%
||
7 Day CHG~0.00%
Published-21 Dec, 2022 | 20:05
Updated-15 Apr, 2025 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Proofpoint Enterprise Protection Local Privilege Escalation

Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions. This affects all versions 8.19.0 and below.

Action-Not Available
Vendor-proofpointProofpoint
Product-enterprise_protectionenterprise_protection
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-23877
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 5.86%
||
7 Day CHG~0.00%
Published-26 Oct, 2021 | 21:40
Updated-03 Aug, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
McAfee Total Protection (MTP) - Privilege Escalation vulnerability

Privilege escalation vulnerability in the Windows trial installer of McAfee Total Protection (MTP) prior to 16.0.34_x may allow a local user to run arbitrary code as the admin user by replacing a specific temporary file created during the installation of the trial version of MTP.

Action-Not Available
Vendor-McAfee, LLC
Product-total_protectionMcAfee Total Protection (MTP)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-23874
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-8.2||HIGH
EPSS-0.83% / 73.65%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 10:25
Updated-30 Jul, 2025 | 01:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-11-17||Apply updates per vendor instructions.
McAfee Total Protection (MTP) privilege escalation vulnerability

Arbitrary Process Execution vulnerability in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and execute arbitrary code bypassing MTP self-defense.

Action-Not Available
Vendor-McAfee, LLC
Product-total_protectionMcAfee Total Protection (MTP)McAfee Total Protection (MTP)
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2021-23893
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-8.8||HIGH
EPSS-0.03% / 5.52%
||
7 Day CHG~0.00%
Published-01 Oct, 2021 | 09:25
Updated-03 Aug, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege Escalation vulnerability in McAfee Drive Encryption (MDE)

Privilege Escalation vulnerability in a Windows system driver of McAfee Drive Encryption (DE) prior to 7.3.0 could allow a local non-admin user to gain elevated system privileges via exploiting an unutilized memory buffer.

Action-Not Available
Vendor-McAfee, LLC
Product-drive_encryptionMcAfee Drive Encryption (MDE)
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-47201
Matching Score-4
Assigner-Trend Micro, Inc.
ShareView Details
Matching Score-4
Assigner-Trend Micro, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 8.85%
||
7 Day CHG~0.00%
Published-23 Jan, 2024 | 20:38
Updated-29 Aug, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A plug-in manager origin validation vulnerability in the Trend Micro Apex One security agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This vulnerability is similar to, but not identical to, CVE-2023-47200.

Action-Not Available
Vendor-Trend Micro Incorporated
Product-apex_oneTrend Micro Apex OneTrend Micro Apex One as a Serviceapex_one
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-47611
Matching Score-4
Assigner-Kaspersky
ShareView Details
Matching Score-4
Assigner-Kaspersky
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.24%
||
7 Day CHG~0.00%
Published-10 Nov, 2023 | 16:38
Updated-02 Aug, 2024 | 21:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A CWE-269: Improper Privilege Management vulnerability exists in Telit Cinterion BGS5, Telit Cinterion EHS5/6/8, Telit Cinterion PDS5/6/8, Telit Cinterion ELS61/81, Telit Cinterion PLS62 that could allow a local, low privileged attacker to elevate privileges to "manufacturer" level on the targeted system.

Action-Not Available
Vendor-telitTelit Cinterion
Product-els61pds5pds8els61_firmwarepds5_firmwarebgs5els81_firmwarebgs5_firmwareehs8_firmwarepds6_firmwarepds6ehs6_firmwarepds8_firmwareels81pls62ehs5_firmwareehs5ehs8pls62_firmwareehs6EHS6 Rel.3EHS8EHS8 Rel.4BGS5ELS61-E2 Rel.1ELS61-US Rel.2ELS61-AUS Rel.1ELS61-E Rel.2EHS6 Rel.4PDS8ELS61-AUSELS61-E Rel.1 MREHS5-US Rel.4ELS61-US Rel.1 MRELS81-USELS81-E Rel.1ELS61-AUS Rel.1 MRPDS5-E Rel.1EHS6 Rel.2ELS81-E Rel.1.1EHS6-A Rel.4PDS5-EELS61-E Rel.1EHS6PLS62-W Rel.1PDS5-E Rel.4EHS5-EPLS62-WPDS6ELS81-EEHS5-USELS61-E2 Rel.1 MRELS61-EPDS5-USELS81-US Rel.1.1
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-1215
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-3.05% / 86.16%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 21:24
Updated-30 Jul, 2025 | 01:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_1709windows_server_2008windows_server_2012windows_10_1607windows_server_2019windows_10_1703windows_8.1windows_7windows_10_1903windows_10_1507windows_server_1903windows_10_1809windows_10_1803windows_rt_8.1windows_server_1803Windows 10 Version 1903 for x64-based SystemsWindows Server, version 1903 (Server Core installation)Windows 10 Version 1903 for 32-bit SystemsWindows 10 Version 1903 for ARM64-based SystemsWindowsWindows ServerWindows
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-24102
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.33% / 55.33%
||
7 Day CHG~0.00%
Published-25 Feb, 2021 | 23:01
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Event Tracing Elevation of Privilege Vulnerability

Windows Event Tracing Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows 8.1Windows Server 2012 (Server Core installation)Windows 7Windows Server version 20H2Windows 10 Version 1909Windows 7 Service Pack 1Windows 10 Version 20H2Windows Server 2016Windows 10 Version 2004Windows 10 Version 1507Windows Server 2008 R2 Service Pack 1Windows 10 Version 1803Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2012 R2Windows Server 2019Windows Server, version 1909 (Server Core installation)Windows Server 2012Windows Server 2008 Service Pack 2Windows Server 2012 R2 (Server Core installation)
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-23876
Matching Score-4
Assigner-Trellix
ShareView Details
Matching Score-4
Assigner-Trellix
CVSS Score-7.8||HIGH
EPSS-0.03% / 8.15%
||
7 Day CHG~0.00%
Published-10 Feb, 2021 | 10:25
Updated-03 Aug, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
McAfee Total Protection (MTP) Bypass Remote Procedure call vulnerability

Bypass Remote Procedure call in McAfee Total Protection (MTP) prior to 16.0.30 allows a local user to gain elevated privileges and perform arbitrary file modification as the SYSTEM user potentially causing Denial of Service via executing carefully constructed malware.

Action-Not Available
Vendor-McAfee, LLC
Product-total_protectionMcAfee Total Protection (MTP)
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-27677
Matching Score-4
Assigner-Advanced Micro Devices Inc.
ShareView Details
Matching Score-4
Assigner-Advanced Micro Devices Inc.
CVSS Score-7.8||HIGH
EPSS-0.05% / 13.41%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 19:52
Updated-19 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Failure to validate privileges during installation of AMD Ryzen™ Master may allow an attacker with low privileges to modify files potentially leading to privilege escalation and code execution by the lower privileged user.

Action-Not Available
Vendor-AMDAdvanced Micro Devices, Inc.
Product-ryzen_masterRyzen™ Master
CWE ID-CWE-269
Improper Privilege Management
CVE-2021-24096
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-5.81% / 90.17%
||
7 Day CHG~0.00%
Published-25 Feb, 2021 | 23:01
Updated-03 Aug, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Kernel Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_server_2019windows_10Windows 10 Version 2004Windows 10 Version 1607Windows Server version 2004Windows Server 2019 (Server Core installation)Windows Server 2016Windows 10 Version 1809Windows Server 2016 (Server Core installation)Windows Server 2019Windows Server version 20H2Windows 10 Version 20H2
CWE ID-CWE-269
Improper Privilege Management
  • Previous
  • 1
  • 2
  • ...
  • 5
  • 6
  • 7
  • ...
  • 14
  • 15
  • Next
Details not found