Cyber Resilience

CVE-2021-31958

High

Published: 08 June 2021

Published
08 June 2021
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0212 84.5th percentile
Risk Priority 16 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-31958 is a high-severity Authentication Bypass by Capture-replay (CWE-294) vulnerability in Microsoft Windows 10. Its CVSS base score is 7.5 (High).

Operationally, ranked in the top 15.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Windows NTLM Elevation of Privilege Vulnerability

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

microsoft
windows 10
1607, 1809, 1909, 2004, 20h2
microsoft
windows 7
all versions
microsoft
windows 8.1
all versions
microsoft
windows rt 8.1
all versions
microsoft
windows server 2008
r2, sp2
microsoft
windows server 2012
all versions, r2
microsoft
windows server 2016
1909, 2004, 20h2, all versions
microsoft
windows server 2019
all versions

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-294

Allows detection of capture-replay attacks by showing the replayed logon's timestamp as the last logon.

addresses: CWE-294

Protects against replay of captured session tokens or credentials by requiring authenticated, fresh session channels.

addresses: CWE-294

Wireless link protections commonly incorporate replay protection, reducing the exploitability of capture-replay weaknesses.

addresses: CWE-294

Accurate synchronized time enables tight timestamp windows that directly limit capture-replay windows in authentication protocols.

References