Main Vulnerability Database Exploits ID:6612 - Exploit for Improper access control in Windows and Windows Server - CVE-2021-36934

ID:6612 - Exploit for Improper access control in Windows and Windows Server - CVE-2021-36934

Published: August 11, 2021

Vulnerability identifier: #VU55140

Vulnerability risk: Low

CVE-ID: CVE-2021-36934

CWE-ID: CWE-284

Exploitation vector: Local access

Vulnerable software:
Windows
Windows Server

Link to public exploit:

https://github.com/OlivierLaflamme/CVE-2021-36934_export_shadow_volume

Vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. A local user can run arbitrary code with SYSTEM privileges.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

ID:6612 - Exploit for Improper access control in Windows and Windows Server - CVE-2021-36934

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human