CVE-2021-36942

ENISA EUVD: EUVD-2021-23518 ↗

Exploited in the Wild ✓ Confirmed 0-Day

Triaged: March 20, 2026 4 articles Published: 2021-08-12

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

93.73%

probability

This CVE has a 93.73% probability of being exploited in the next 30 days.

0% Top 99.9th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

7.5

HIGH

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Temporal

Exploit Code Maturity

Functional

Remediation Level

Official Fix

Report Confidence

Confirmed

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:F/RL:O/RC:C

CVSS v2 (legacy)

5.0

MEDIUM

Access Vector

Network

Access Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Description

NVD

Windows LSA Spoofing Vulnerability

Affected Products

Microsoft

Windows Server 2019

10.0.0

Microsoft

Windows Server 2019 (Server Core installation)

10.0.0

Microsoft

Windows Server version 2004

10.0.0

Microsoft

Windows Server version 20H2

10.0.0

Microsoft

Windows Server 2016

10.0.0

microsoft

windows server 2004

microsoft

windows server 2008

microsoft

windows server 2012

microsoft

windows server 2016

microsoft

windows server 2019

Microsoft

Windows Server 2012 R2 (Server Core installation)

6.3.0 <6.3.9600.20094

Microsoft

Windows Server 2016 (Server Core installation)

10.0.0 <10.0.14393.4583

Microsoft

Windows Server 2012 R2

6.3.0 <6.3.9600.20094

Microsoft

Windows Server 2012 (Server Core installation)

6.2.0 <6.2.9200.23435

Microsoft

Windows Server 2019 (Server Core installation)

10.0.0 <10.0.17763.2114

Microsoft

Windows Server 2008 Service Pack 2 (Server Core installation)

6.0.0 <6.0.6003.21192

Microsoft

Windows Server version 2004

10.0.0 <10.0.19041.1165

Microsoft

Windows Server 2008 R2 Service Pack 1

6.1.0 <6.1.7601.25685

Microsoft

Windows Server version 20H2

10.0.0 <10.0.19042.1165

Microsoft

Windows Server 2008 Service Pack 2

6.0.0 <6.0.6003.21192

Microsoft

Windows Server 2008 Service Pack 2

6.0.0 <6.0.6003.21192

Microsoft

Windows Server 2019

10.0.0 <10.0.17763.2114

Microsoft

Windows Server 2016

10.0.0 <10.0.14393.4583

Microsoft

Windows Server 2008 R2 Service Pack 1 (Server Core installation)

6.0.0 <6.1.7601.25685

Microsoft

Windows Server 2012

6.2.0 <6.2.9200.23435

https://www.kb.cert.org/vuls/id/405600

third-party-advisory x_refsource_CERT-VN

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36942

x_refsource_MISC

Signal Intelligence

Confidenceⓘ

85%

EPSS 93.73%

CVSS v3.1 7.5

Mentions 4

Last Seen May 08, 2025

CNA Information

CNA Assigner

microsoft

CNA Title

Windows LSA Spoofing Vulnerability

Analyst Note

CVE-2021-36942 is explicitly named in the August 2021 Microsoft Patch Tuesday article as a critical Windows LSA vulnerability included among three 0-day patches released that month. The explicit identification as a 0-day in an authoritative Qualys Patch Tuesday report, combined with simultaneous patch and vulnerability disclosure timing (August 2021), meets the confirmation criteria for zero-day classification.

Threat Actors 6

APT27

apt_group Information theft and espionage 🇨🇳 CN

Cron

apt_group 🇷🇺 RU

Hacking Team

apt_group 🇮🇹 IT

TA505

apt_group Financial gain 🇷🇺 RU

Shadow Network

apt_group Information theft and espionage 🇨🇳 CN

Operation Shadow Force

apt_group 🇨🇳 CN

Triage Info

Decided atMar 20, 2026

Published DateAug 12, 2021