CVE-2021-36942
Published: 12 August 2021
Summary
CVE-2021-36942 is a high-severity vulnerability, with an unspecified weakness type, in Microsoft Windows Server 2008. Its CVSS base score is 7.5 (High).
Operationally, it ranks in the top 0.2% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SC-8 (Transmission Confidentiality and Integrity).
Deeper analysis
CVE-2021-36942 is a spoofing vulnerability affecting the Local Security Authority (LSA) component in Windows. It carries a CVSS 3.1 base score of 7.5, and its vector indicates network access, low attack complexity, no required privileges or user interaction, and high impact to confidentiality.
An unauthenticated attacker can exploit the flaw remotely to spoof LSA communications and obtain sensitive information from the affected system.
Microsoft security advisories and related CERT coordination guidance address mitigation steps, and the vulnerability appears in CISA's catalog of vulnerabilities known to be exploited in the wild.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-23518
Vulnerability details
Windows LSA Spoofing Vulnerability
- CWE(s)
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Directly enforces information flow policies on LSA communications, blocking the unauthenticated spoofing that enables remote disclosure.
Requires cryptographic integrity protection for LSA network transmissions, directly stopping spoofing of LSA messages.
Mandates identification and authentication of services such as LSA before allowing communications, mitigating the unauthenticated remote spoof.