CVE-2021-34537: Windows Bluetooth Driver Elevation of Privilege Vulnerability

Overview

Severity

High (CVSS 7.8)

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Category

Elevation of Privilege

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2021-Aug

Released

2021-08-10

EPSS Score

0.24% (percentile: 47.6%)

FAQ

How could an attacker exploit this vulnerability? An authorized attacker could exploit the Windows Bluetooth driver vulnerability by programatically running certain functions that could lead to elevation of privilege on the Bluetooth component.

Affected Products (34)

Other

• 11568
• 11569
• 11570
• 11571
• 11572
• 11712
• 11713
• 11714
• 11896
• 11897
• 11898
• 11766
• 11767
• 11768
• 11769
• 11800
• 11801
• 11802
• 11803
• 10729
• 10735
• 10852
• 10853
• 10816
• 10855
• 10047
• 10048
• 10481
• 10482
• 10484
• 10051
• 10049
• 10483
• 10543

Security Updates (9)

• 5005030
• 5005031
• 5005033
• 5005040
• 5005043
• 5005088
• 5005089
• 5005076
• 5005106

Acknowledgments

ziming zhang of Ant Security Light-Year Lab

Revision History

• 2021-08-10: Information published.