Vulnerabilities > CVE-2021-21552 - Unspecified vulnerability in Microsoft Windows 10 2019

CVSS 8.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

microsoft

NVD

Published: 2021-05-21

Updated: 2022-04-26

Summary

Dell Wyse Windows Embedded System versions WIE10 LTSC 2019 and earlier contain an improper authorization vulnerability. A local authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass the restricted environment and perform unauthorized actions on the affected system.

Vulnerable Configurations

Part	Description	Count
OS	Microsoft Microsoft Windows 10 2019	1
Hardware	Dell Dell Wyse 5070 Thin Client - Dell Wyse 5470 ALL IN ONE Thin Client - Dell Wyse 5470 Thin Client -	3

References

https://www.dell.com/support/kbdoc/en-us/000186134/dsa-2021-096-dell-wyse-windows-embedded-system-security-update-for-an-improper-authorization-vulnerability