Skip to main content

Defender For Iot CVE-2021-42311

CRITICAL
SQL Injection (CWE-89)
2021-12-15 secure@microsoft.com
10.0
CVSS 3.1 · Vendor: microsoft
Share

Severity by source

Vendor (microsoft) PRIMARY
10.0 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Primary rating from Vendor (microsoft) · only source for this CVE.

CVSS VectorVendor: microsoft

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 15, 2021 - 15:15 cve.org
CRITICAL 10.0

DescriptionCVE.org

Microsoft Defender for IoT Remote Code Execution Vulnerability

AnalysisAI

Microsoft Defender for IoT Remote Code Execution Vulnerability. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. Microsoft Defender for IoT Remote Code Execution Vulnerability Affected products include: Microsoft Defender For Iot.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2021-42313 CRITICAL
10.0 Dec 15

Microsoft Defender for IoT Remote Code Execution Vulnerability. Rated critical severity (CVSS 10.0), this vulnerability

CVE-2024-38089 CRITICAL
9.9 Jul 09

Microsoft Defender for IoT Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.9), this vulnerability

CVE-2021-43882 CRITICAL
9.8 Dec 15

Microsoft Defender for IoT Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability i

CVE-2021-42310 CRITICAL
9.8 Dec 15

Microsoft Defender for IoT Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability i

CVE-2024-29053 HIGH
8.8 Apr 09

Microsoft Defender for IoT Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is re

CVE-2024-21323 HIGH
8.8 Apr 09

Microsoft Defender for IoT Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is re

CVE-2021-42315 HIGH
8.8 Dec 15

Microsoft Defender for IoT Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is re

CVE-2021-42314 HIGH
8.8 Dec 15

Microsoft Defender for IoT Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is re

CVE-2021-41365 HIGH
8.8 Dec 15

Microsoft Defender for IoT Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is re

CVE-2023-23379 HIGH
7.8 Feb 14

Microsoft Defender for IoT Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is l

CVE-2022-23266 HIGH
7.8 Mar 09

Microsoft Defender for IoT Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is l

CVE-2021-42312 HIGH
7.8 Dec 15

Microsoft Defender for IoT Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is l

Share

CVE-2021-42311 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy