CVE-2021-31166
Windows HTTP Protocol Stack Remote Code Execution Vulnerability CVE-2021-31166
* CVE-2021-31166
** Description
- POC for CVE-2021-31166: Windows HTTP Protocol Stack Remote Code Execution Vulnerability
- Created by antx on 2021-09-27.
** Detail
- [[./trigger.gif][Poc-Gif]]
** CVE Severity
- attackComplexity: LOW
- attackVector: NETWORK
- availabilityImpact: HIGH
- confidentialityImpact: HIGH
- integrityImpact: HIGH
- privilegesRequired: NONE
- scope: CHANGED
- userInteraction: NONE
- version: 3.1
- baseScore: 9.8
- baseSeverity: CRITICAL
** Affected
- Windows Server, version 2004 (or 20H1) (Server Core installation)
- Windows 10 Version 2004 (or 20H1) for ARM64/x64/32-bit Systems
- Windows Server, version 20H2 (Server Core Installation)
- Windows 10 Version 20H2 for ARM64/x64/32-bit Systems
- Windows Remote Management (WinRM)
- Web Services on Devices (WSDAPI)
- Systems lacking the KB4598481, KB5003173, KB5000736 Windows patches, or whose system ISO is from before 2021-05
** POC
- [[./CVE-2021-31166.py][Python-Poc]]
- [[./main.go][Golang-Poc]]
** Reference
- Ref-Source
  - [[https://github.com/0vercl0k/CVE-2021-31166][0vercl0k/CVE-2021-31166]]
- Ref-Article
  - [[https://www.freebuf.com/vuls/281302.html][CVE-2021-31166 Windows HTTP Protocol Stack Remote Code Execution Vulnerability Reproduction]]
- Ref-Risk
  - [[https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31166][HTTP Protocol Stack Remote Code Execution Vulnerability]]
  - [[https://nvd.nist.gov/vuln/detail/CVE-2021-31166][NVD<CVE-2021-31166>]]
- CVE
  - [[https://github.com/CVEProject/cvelist/blob/master/2021/31xxx/CVE-2021-31166.json][CVE-2021-31166]]