CVE-2021-36949

Published on: 08/12/2021 12:00:00 AM UTC

Last Modified on: 08/20/2021 06:57:00 PM UTC

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Certain versions of Azure Active Directory Connect from Microsoft contain the following vulnerability:

Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability

  • CVE-2021-36949 has been assigned by URL Logo [email protected] to track the vulnerability - currently rated as HIGH severity.
  • Affected Vendor/Software: URL Logo Microsoft - Microsoft Azure Active Directory Connect 1.X.Y.Z version
  • Affected Vendor/Software: URL Logo Microsoft - Azure Active Directory Connect Provisioning Agent version
  • Affected Vendor/Software: URL Logo Microsoft - Microsoft Azure Active Directory Connect 2.0.X.Y version

CVSS3 Score: 7.1 - HIGH

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
ADJACENT_NETWORK HIGH LOW NONE
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED HIGH HIGH HIGH

CVSS2 Score: 4.9 - MEDIUM

Access
Vector
Access
Complexity
Authentication
ADJACENT_NETWORK MEDIUM SINGLE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
PARTIAL PARTIAL PARTIAL

CVE References

Description Tags Link
Security Update Guide - Microsoft Security Response Center portal.msrc.microsoft.com
text/html
URL Logo MISC portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-36949

Related QID Numbers

  • 91806 Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability August 2021

Exploit/POC from Github

check if Azure AD Connect is affected by the vulnerability described in CVE-2021-36949

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationMicrosoftAzure Active Directory ConnectAllAllAllAll
ApplicationMicrosoftAzure Active Directory ConnectAllAllAllAll
ApplicationMicrosoftAzure Active Directory Connect Provisioning AgentAllAllAllAll
  • cpe:2.3:a:microsoft:azure_active_directory_connect:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:microsoft:azure_active_directory_connect:*:*:*:*:*:*:*:*:
  • cpe:2.3:a:microsoft:azure_active_directory_connect_provisioning_agent:*:*:*:*:*:*:*:*:

Social Mentions

Source Title Posted (UTC)
Twitter Icon @ProjectOvix Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability msrc.microsoft.com/update-guide/e… 2021-08-10 19:00:16
Twitter Icon @DirTeamCom Two new Azure AD Connect versions were released to prevent MitM attacks towards Domain Controllers (CVE-2021-36949)… twitter.com/i/web/status/1… 2021-08-10 19:24:16
Twitter Icon @mderooij PSA: Check/update your AD connect deployment docs.microsoft.com/en-us/azure/ac… #CVE-2021-36949 #AzureAD #Hybrid 2021-08-11 06:57:48
Twitter Icon @ProMikeBaz If you are an #Azure Hybrid Identity user, you should update Azure AD Connect immediately to resolve CVE-2021-36949… twitter.com/i/web/status/1… 2021-08-11 13:23:32
Twitter Icon @TheRaitlin CVE-2021-36949 - Security Update Guide - Microsoft - Microsoft Azure Active Directory Connect Authentication Bypass… twitter.com/i/web/status/1… 2021-08-11 20:16:07
Twitter Icon @rootsecdev CVE-2021-36949 - Security Update Guide - Microsoft - Microsoft Azure Active Directory Connect Authentication Bypass… twitter.com/i/web/status/1… 2021-08-12 02:10:16
Twitter Icon @sebasvasquezs Atención defensores #blueteam, es necesario actualicen sus Azure AD Connect. Mayor información en msrc.microsoft.com/update-guide/v… 2021-08-12 03:30:02
Twitter Icon @rniedhorn Über Microsoft Edge geteilt: CVE-2021-36949 – Leitfaden für Sicherheitsupdates – Microsoft - Sicherheitsanfälligkei… twitter.com/i/web/status/1… 2021-08-12 04:13:58
Twitter Icon @BrianTimp New version of Azure AD Connect because of a security vulnerability CVE-2021-36949 msrc.microsoft.com/update-guide/v… microsoft.com/en-us/download… 2021-08-12 04:56:59
Twitter Icon @ipssignatures The vuln CVE-2021-36949 has a tweet created 0 days ago and retweeted 11 times. twitter.com/rootsecdev/sta… #pow1rtrtwwcve 2021-08-12 05:06:00
Twitter Icon @WorkingHardInIT Upgrading #AzureADConnect to 2.0.8.0 right now to addresses security vulnerability. See msrc.microsoft.com/update-guide/v… Upg… twitter.com/i/web/status/1… 2021-08-12 07:35:54
Twitter Icon @MrAzureAD ? ⚠️ Update your AAD Connect now! Details: msrc.microsoft.com/update-guide/v… Might be worth going directly to 2.0.8 if you are already on 2016. 2021-08-12 08:58:13
Twitter Icon @ProMikeBaz @maaverix hello, good day! the CVSS score is in the CVE link given in the update entry, which goes here: msrc.microsoft.com/update-guide/v… 2021-08-12 13:14:17
Twitter Icon @Lets_Not_Leak Heads Up - #azure Security Update Guide - Loading - Microsoft msrc.microsoft.com/update-guide/v… 2021-08-12 13:56:13
Twitter Icon @juntakata Azure AD Connect にセキュリティ更新 (CVE-2021-36949) が出てますのでご確認ください。最新版の適用に加えて NTLM の無効化も必要になります。 docs.microsoft.com/en-us/azure/ac… 2021-08-12 15:01:37
Twitter Icon @CVEreport CVE-2021-36949 : Microsoft Azure Active Directory Connect Authentication Bypass Vulnerability... cve.report/CVE-2021-36949 2021-08-12 18:32:39
© CVE.report 2021 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report