CVE-2021-36934CISA KEV: Actively Exploited

Microsoft Windows SAM Local Privilege Escalation Vulnerability

Published Feb 10, 2022·Updated Feb 10, 2022

Description

If a Volume Shadow Copy (VSS) shadow copy of the system drive is available, users can read the SAM file which would allow any user to escalate privileges to SYSTEM level.

Public Exploits & PoCs23 found

PoC: CVE-2021-36934

C# PoC for CVE-2021-36934/HiveNightmare/SeriousSAM

266

PoC: ShadowSteal

Pure Nim implementation for exploiting CVE-2021-36934, the SeriousSAM local privilege escalation

189

PoC: Invoke-HiveNightmare

PoC for CVE-2021-36934, which enables a standard user to be able to retrieve the SAM, Security, and Software Registry hives in Windows 10 version 1809 or newer

30

PoC: CVE-2021-36934

Fix for the CVE-2021-36934

11

PoC: CVE-2021-36934

HiveNightmare aka SeriousSAM

6

PoC: SeriousSam

HiveNightmare a.k.a. SeriousSam Local Privilege Escalation in Windows – CVE-2021-36934

6

PoC: CVE-2021-36934

Detection and Mitigation script for CVE-2021-36934 (HiveNightmare aka. SeriousSam)

4

PoC: oxide_hive

Exploit for CVE-2021-36934

3

PoC: PyNightmare

PoC for CVE-2021-36934 Aka HiveNightmare/SeriousSAM written in python3

3

PoC: Why-so-Serious-SAM

PoC malware that uses exploit CVE-2021-36934 (improper ACLs on shadow copies) using a fileless red team method on Windows 10/11 with LOLBins, extracting SYSTEM and SAM hives for local NTLM hashes.

2

PoC: CVE-2021-36934

SeriousSAM Auto Exploiter

2

PoC: Invoke-HiveDreams

A capability to identify and remediate CVE-2021-36934 (HiveNightmare)

2

PoC: VSSCopy

Small and dirty PoC for CVE-2021-36934

2

PoC: poc_CVE-2021-36934

POC experiments with Volume Shadow copy Service (VSS)

1

PoC: CVE-2021-36934

CVE-2021-36934 HiveNightmare vulnerability checker and workaround

1

PoC: CVE-2021-36934

CVE-2021-36934 PowerShell scripts

1

PoC: CVE-2021-36934

Windows Elevation of Privilege Vulnerability (SeriousSAM)

1

PoC: CVE-2021-36934-HiveNightmare-Lab

Educational lab demonstrating CVE-2021-36934 (HiveNightmare) - Windows LPE via shadow copy ACL misconfiguration.

PoC: Why-so-Serious-SAM

PoC malware that uses exploit CVE-2021-36934 (improper ACLs on shadow copies) using a fileless red team method on Windows 10/11 with LOLBins, extracting SYSTEM and SAM hives for local NTLM hashes.

PoC: SeriousSam

Windows Elevation of Privilege Vulnerability CVE-2021-36934

PoC: Serious-Sam---CVE-2021-36934-Mitigation-for-Datto-RMM

This PowerShell script will take the mitigation measures for CVE-2021-36934 described by Microsoft and the US CERT team. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934 https://kb.cert.org/vuls/id/506989 USE AT YOUR OWN RISK -- BACKUPS MAY BREAK.

PoC: CVE-2021-36934

C# PoC for CVE-2021-36934/HiveNightmare/SeriousSAM

PoC: CVE-2021-36934

CVE-2021-36934 PowerShell Fix

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free