The vulnerability allows attackers to bypass intended access restrictions at the affected software.
[ CVE Description ]
[*] CVE_ID : CVE-2021-21552
[_] Desc : Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier contain an improper authorization vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass the restricted environment and perform unauthorized actions on the affected system.
[ Kenna.VM Summary ]
[*] Vuln Risk : 20.3938
[*] Easily_Exploit : False
[*] Malware_Exploit : False
[*] Popular_Target : False
[*] Active_Internet_Breach : False
[ Kenna.VI+ ]
[*] Successful_Exploitations : 0
[*] Velocity (D/W/M) : 0/0/0
[*] Daily_Trend : holding
[*] Pre_NVD : True [_FALSE_]
[*] RCE : True [_FALSE_]
[*] Predicted_Exploitable : 0 (0.0151% confidence)
[ Kenna.VI+ Details ]
[_] Created_at : 2021-01-04T18:00:05Z
[_] Published : 2021-05-21T20:15:00Z
[_] Last_Modified : 2021-06-02T12:30:00Z
[ Links / References ]
[*] Malware sample : 0
[_] Exploits/POC [0]:
[ --> ] None
[_] Fixes [0]:
[ --> ] None
[_] Threat Actors [0]:
[ --> ] None
[ CVSS2 / CVSS3 Details ]
| Impact | | | CVSS_Access
================+==========+===+================+==============
Availability | Complete | | Complexity | Low
Confidentiality | Complete | | Vector | Local access
Integrity | Complete | | Authentication | None required
| CVSS_V2 | CVSS_V3
==============+=========+========
Base Score | 7.200 | 8.800
Exploit_Score | 3.900 | 2.000
Impact_Score | 10.000 | 6.000
Temporal | 7.200 | None
[*] CVSS v2 vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
[*] CVSS v3 vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
[ Others ]
[*] Vulnerable Products [1] :
[ --> ] cpe:2.3:o:microsoft:windows_10:*:*:*:*:enterprise_ltsc:*:*:*
[ CVE Malware Family Info : None ]
[ High_Profile_Vulnerability ]
[!!!] CVE-2021-21552 (20.3938) : []
** [5] threads completed [2 tasks] / [1.86 KB] within [2.06 sec].