Windows Subsystem For Linux
CVE-2021-43907
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Visual Studio Code WSL Extension Remote Code Execution Vulnerability
AnalysisAI
Visual Studio Code WSL Extension Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
Visual Studio Code WSL Extension Remote Code Execution Vulnerability Affected products include: Microsoft Windows Subsystem For Linux.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Windows Subsystem For Linux
View allWindows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vul
Time-of-check time-of-use (toctou) race condition in Windows Subsystem for Linux allows an authorized attacker to elevat
Windows Subsystem for Linux (WSL2) Kernel Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.0). No vendo
Heap-based buffer overflow in Windows Subsystem for Linux GUI allows an unauthorized attacker to execute code over a net
Share
External POC / Exploit Code
Leaving vuln.today