Windows Print Spooler Remote Code Execution Vulnerability
Published 2021-06-08 23:15:08
Updated 2023-08-01 23:15:11
View at NVD,   CVE.org
Vulnerability category: Execute code

CVE-2021-1675 is in the CISA Known Exploited Vulnerabilities Catalog

This issue is known to have been leveraged as part of a ransomware campaign.
CISA vulnerability name:
Microsoft Windows Print Spooler Remote Code Execution Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Microsoft Windows Print Spooler contains an unspecified vulnerability that allows for remote code execution.
Added on 2021-11-03 Action due date 2021-11-17

Exploit prediction scoring system (EPSS) score for CVE-2021-1675

96.57%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2021-1675

  • Print Spooler Remote DLL Injection
    Disclosure Date: 2021-06-08
    First seen: 2022-12-23
    exploit/windows/dcerpc/cve_2021_1675_printnightmare
    The print spooler service can be abused by an authenticated remote attacker to load a DLL through a crafted DCERPC request, resulting in remote code execution as NT AUTHORITY\SYSTEM. This module uses the MS-RPRN vector which requires the Print Spooler service to be run
  • Print Spooler Remote DLL Injection
    First seen: 2021-07-07
    auxiliary/admin/dcerpc/cve_2021_1675_printnightmare
    auxiliary/admin/dcerpc/cve_2021_1675_printnightmare The print spooler service can be abused by an authenticated remote attacker to load a DLL through a crafted DCERPC request, resulting in remote code execution as NT AUTHORITY\SYSTEM. This module uses the MS-RPRN vecto

CVSS scores for CVE-2021-1675

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
9.3
HIGH AV:N/AC:M/Au:N/C:C/I:C/A:C
8.6
10.0
NIST
8.8
HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
2.8
5.9
NIST
7.8
HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
1.8
5.9
Microsoft Corporation

CWE ids for CVE-2021-1675

  • The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
    Assigned by: nvd@nist.gov (Primary)

References for CVE-2021-1675

Products affected by CVE-2021-1675

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!