I. Vulnerability CVE-2021-36934: basic information
Vulnerability information
# Windows Elevation of Privilege Vulnerability

## Overview
An elevation of privilege vulnerability exists because the access control lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database, are overly permissive. An attacker who successfully exploits it can run arbitrary code with SYSTEM privileges. Concretely, the registry hive files under %windir%\system32\config (SAM, SECURITY, SYSTEM) are readable by BUILTIN\Users. The live files are held open by the kernel, but the copies inside Volume Shadow Copy Service (VSS) snapshots are not, so a standard user can read the hives from a shadow copy and recover local NTLM hashes. This is the technique used by the public PoCs listed below, commonly known as HiveNightmare or SeriousSAM.

## Affected versions
The summary does not list specific versions; the CNNVD entry names Microsoft Windows generally, and the public PoCs below target Windows 10 version 1809 and later.

## Details
An attacker must already be able to execute code on the target system to exploit this vulnerability. An attacker who successfully exploits it can install programs; view, change, or delete data; or create new accounts with full user rights.

## Impact
An attacker can use this vulnerability to elevate privileges on the system. Installing the security update alone does not fully mitigate it: shadow copies created while the ACLs were weak still contain readable hives, so all shadow copies of system files, including the SAM database, must be deleted manually as well (see KB5005357, linked in the NVD description below).
Vulnerability title
Windows Elevation of Privilege Vulnerability
Source: NVD (US National Vulnerability Database)
Vulnerability description
An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

An attacker must have the ability to execute code on a victim system to exploit this vulnerability.

After installing this security update, you must manually delete all shadow copies of system files, including the SAM database, to fully mitigate this vulnerability. Simply installing this security update will not fully mitigate this vulnerability. See KB5005357 - Delete Volume Shadow Copies: https://support.microsoft.com/topic/1ceaa637-aaa3-4b58-a48b-baf72a2fa9e7
Source: NVD (US National Vulnerability Database)
CVSS information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (base score 7.8, High)
Source: NVD (US National Vulnerability Database)
Vulnerability category
N/A
Source: NVD (US National Vulnerability Database)
Vulnerability title
Microsoft Windows access control error vulnerability
Source: CNNVD (China National Vulnerability Database of Information Security)
Vulnerability description
Microsoft Windows is a desktop operating system from Microsoft Corporation (US). Microsoft Windows contains an access control error vulnerability: the access control lists on multiple system files are overly permissive, which results in a privilege escalation vulnerability. An attacker who successfully exploits it can run arbitrary code with SYSTEM privileges.
Source: CNNVD (China National Vulnerability Database of Information Security)
CVSS information
N/A
Source: CNNVD (China National Vulnerability Database of Information Security)
Vulnerability category
Other
Source: CNNVD (China National Vulnerability Database of Information Security)
II. Public PoCs for CVE-2021-36934

| # | Description | Source |
|---|---|---|
| 1 | Pure Nim implementation for exploiting CVE-2021-36934, the SeriousSAM local privilege escalation | https://github.com/HuskyHacks/ShadowSteal |
| 2 | Fix for the CVE-2021-36934 | https://github.com/JoranSlingerland/CVE-2021-36934 |
| 3 | Detection and Mitigation script for CVE-2021-36934 (HiveNightmare aka. SeriousSam) | https://github.com/n3tsurge/CVE-2021-36934 |
| 4 | Small and dirty PoC for CVE-2021-36934 | https://github.com/Wh04m1001/VSSCopy |
| 5 | PoC for CVE-2021-36934, which enables a standard user to be able to retrieve the SAM, Security, and Software Registry hives in Windows 10 version 1809 or newer | https://github.com/WiredPulse/Invoke-HiveNightmare |
| 6 | HiveNightmare a.k.a. SeriousSam Local Privilege Escalation in Windows – CVE-2021-36934 | https://github.com/romarroca/SeriousSam |
| 7 | A capability to identify and remediate CVE-2021-36934 (HiveNightmare) | https://github.com/WiredPulse/Invoke-HiveDreams |
| 8 | CVE-2021-36934 PowerShell Fix | https://github.com/tda90/CVE-2021-36934 |
| 9 | Windows Elevation of Privilege Vulnerability (SeriousSAM) | https://github.com/VertigoRay/CVE-2021-36934 |
| 10 | CVE-2021-36934 PowerShell scripts | https://github.com/bytesizedalex/CVE-2021-36934 |
| 11 | C# PoC for CVE-2021-36934/HiveNightmare/SeriousSAM | https://github.com/Preventions/CVE-2021-36934 |
| 12 | PoC for CVE-2021-36934 Aka HiveNightmare/SeriousSAM written in python3 | https://github.com/Sp00p64/PyNightmare |
| 13 | This PowerShell script will take the mitigation measures for CVE-2021-36934 described by Microsoft and the US CERT team. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934 https://kb.cert.org/vuls/id/506989 USE AT YOUR OWN RISK -- BACKUPS MAY BREAK. | https://github.com/jmaddington/Serious-Sam---CVE-2021-36934-Mitigation-for-Datto-RMM |
| 14 | (no description) | https://github.com/0x0D1n/CVE-2021-36934 |
| 15 | HiveNightmare aka SeriousSAM | https://github.com/exploitblizzard/CVE-2021-36934 |
| 16 | CVE-2021-36934 HiveNightmare vulnerability checker and workaround | https://github.com/irissentinel/CVE-2021-36934 |
| 17 | SeriousSAM Auto Exploiter | https://github.com/websecnl/CVE-2021-36934 |
| 18 | POC experiments with Volume Shadow copy Service (VSS) | https://github.com/grishinpv/poc_CVE-2021-36934 |
| 19 | Windows Elevation of Privilege Vulnerability CVE-2021-36934 | https://github.com/shaktavist/SeriousSam |
| 20 | (no description) | https://github.com/OlivierLaflamme/CVE-2021-36934-export-shadow-volume-POC |
| 21 | Exploit for CVE-2021-36934 | https://github.com/chron1k/oxide_hive |
| 22 | PoC for CVE-2021-36934 Aka HiveNightmare/SeriousSAM written in python3 | https://github.com/Sp00kySkelet0n/PyNightmare |
| 23 | PoC malware that uses exploit CVE-2021-36934 (improper ACLs on shadow copies) using a fileless red team method on Windows 10/11 with LOLBins, extracting SYSTEM and SAM hives for local NTLM hashes. | https://github.com/P1rat3R00t/Why-so-Serious-SAM |
III. Threat intelligence for CVE-2021-36934
IV. Comments on CVE-2021-36934

No comments yet.