CyberSec.Space Logo
Back to CVE Browser

CVE-2021-36934

Known Exploited (CISA KEV)HIGH
7.8
CVSS Severity Score
EPSS Score69.6680%
EPSS Percentile91.36th
PublishedJul 22, 2021
Last ModifiedFeb 25, 2026

Vulnerability Description

<p>An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p> <p>An attacker must have the ability to execute code on a victim system to exploit this vulnerability.</p> <p>After installing this security update, you <em>must</em> manually delete all shadow copies of system files, including the SAM database, to fully mitigate this vulnerabilty. <strong>Simply installing this security update will not fully mitigate this vulnerability.</strong> See <a href="https://support.microsoft.com/topic/1ceaa637-aaa3-4b58-a48b-baf72a2fa9e7">KB5005357- Delete Volume Shadow Copies</a>.</p>

Affected Platforms (CPE)

πŸ’»
Microsoft

Windows 10 1809

< 10.0.17763.2114
πŸ’»
Microsoft

Windows 10 1909

< 10.0.18363.1734
πŸ’»
Microsoft

Windows 10 2004

< 10.0.19041.1165
πŸ’»
Microsoft

Windows 10 20h2

< 10.0.19042.1165
πŸ’»
Microsoft

Windows 10 21h1

< 10.0.19043.1165

References & Advisories

πŸ”— http://packetstormsecurity.com/files/164006/HiveNightmare-AKA-SeriousSAM.html
πŸ”— https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36934
πŸ”— http://packetstormsecurity.com/files/164006/HiveNightmare-AKA-SeriousSAM.html
πŸ”— https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36934
πŸ”— https://www.kb.cert.org/vuls/id/506989
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-36934

Related Vulnerabilities

CVE-2018-85926.4

An elevation of privilege vulnerability exists in Windows 10 version 1809 when installed from physical media (USB, DVD, etc, aka "...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...

CVE-2026-121895.3

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzm...