Exploit for #VU58034 Permissions, Privileges, and Access Controls in Windows Server

Published: 2021-12-12 | Updated: 2023-09-18

Vulnerability identifier: #VU58034

Vulnerability risk: Medium

CVSSv3.1: 7.2 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-42287

CWE-ID: CWE-264

Exploitation vector: Network

Exploits in database: 10

September 18, 2023
- sam-the-admin (Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user ) [Github]
February 16, 2023
- Invoke-noPac (.Net Assembly loader for the [CVE-2021-42287 - CVE-2021-42278] Scanner & Exploit noPac) [Github]
December 25, 2022
- noPac (CVE-2021-42287/CVE-2021-42278 Exploiter) [Github]
April 3, 2022
- Invoke-sAMSpoofing (CVE-2021-42287/CVE-2021-42278 exploits in powershell) [Github]
February 16, 2022
- NoPacScan (NoPacScan is a CVE-2021-42287/CVE-2021-42278 Scanner,it scan for more domain controllers than other script) [Github]
December 14, 2021
- Pachine (Python implementation for CVE-2021-42278 (Active Directory Privilege Escalation)) [Github]
December 13, 2021
- noPac (Exploiting CVE-2021-42278 and CVE-2021-42287) [Github]
- noPac (Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user ) [Github]
December 12, 2021
- sam-the-admin (Exploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user ) [Github]
- noPac (CVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.) [Github]

Impact: Code execution

Vulnerable software:
Windows Server
Operating systems & Components / Operating system

Vendor: Microsoft