8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.675 Medium
EPSS
Percentile
97.6%
Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability
Recent assessments:
gwillcox-r7 at June 17, 2021 4:20pm UTC reported:
Not got much to contribute due to limited public information at this time but I did want to note that the Confidentiality
and Integrity
scores for this are oddly listed as Low
, the Availability
as None
, and yet Scope
is marked as Changed
. My guess is that this is some sort of sandbox related escape given that if we were able to get higher permissions these scores would be a lot higher.
architect00 at June 09, 2021 6:57am UTC reported:
Not got much to contribute due to limited public information at this time but I did want to note that the Confidentiality
and Integrity
scores for this are oddly listed as Low
, the Availability
as None
, and yet Scope
is marked as Changed
. My guess is that this is some sort of sandbox related escape given that if we were able to get higher permissions these scores would be a lot higher.
Assessed Attacker Value: 3
Assessed Attacker Value: 3Assessed Attacker Value: 0
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.675 Medium
EPSS
Percentile
97.6%