Skip to content

ZZ-SOCMAP/CVE-2021-31166

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
.gitignore
.gitignore
 
 
CVE-2021-31166.py
CVE-2021-31166.py
 
 
LICENSE
LICENSE
 
 
README.org
README.org
 
 
main.go
main.go
 
 
requirements.txt
requirements.txt
 
 
trigger.gif
trigger.gif
 
 

Repository files navigation

CVE-2021-31166

Description

  • POC for CVE-2021-31166: Windows HTTP协议栈远程代码执行漏洞
  • create by antx at 2021-09-27.

Detail

CVE Severity

  • attackComplexity: LOW
  • attackVector: NETWORK
  • availabilityImpact: HIGH
  • confidentialityImpact: HIGH
  • integrityImpact: HIGH
  • privilegesRequired: NONE
  • scope: CHANGED
  • userInteraction: NONE
  • version: 3.1
  • baseScore: 9.8
  • baseSeverity: CRITICAL

Affect

  • Windows Server, version 2004 (or 20H1) (Server Core installation),
  • Windows 10 Version 2004 (or 20H1) for ARM64/x64/32-bit Systems,
  • Windows Server, version 20H2 (Server Core Installation),
  • Windows 10 Version 20H2 for ARM64/x64/32-bit Systems.
  • Windows Remote Management (WinRM)
  • Web Services on Devices (WSDAPI)
  • Lack of KB4598481 KB5003173 KB5000736 windows system patch or the system iso is before 2021-05.

POC

Reference

About

Windows HTTP协议栈远程代码执行漏洞 CVE-2021-31166

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

19 stars

Watchers

1 watching

Forks

8 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages