CVE-2022-21999

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-21999
Windows Print Spooler Elevation of Privilege Vulnerability

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21999 Patch Vendor Advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21999 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_20h2:*:*:*:*:*:*:*:*
History

21 Nov 2024, 06:45

Type Values Removed Values Added
References () https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21999 - Patch, Vendor Advisory () https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21999 - Patch, Vendor Advisory

16 Jul 2024, 17:47

Type Values Removed Values Added
CPE cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server:20h2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_7:sp1:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_7:sp1:*:*:*:*:*:x86:*		 cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1909:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_21h1:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_20h2:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_20h2:*:*:*:*:*:*:*:*
References () https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21999 - () https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21999 - Patch, Vendor Advisory
First Time Microsoft windows 11 21h2
Microsoft windows 10 1909
Microsoft windows 10 1507
Microsoft windows 10 21h1
Microsoft windows 10 20h2
Microsoft windows 10 1809
Microsoft windows 10 1607
Microsoft windows Server 20h2
Microsoft windows Server 2022
Microsoft windows 10 21h2

08 Aug 2023, 14:22

Type Values Removed Values Added
CWE CWE-269 CWE-22
CWE-59

29 Jun 2023, 05:15

Type Values Removed Values Added
References
  • {'url': 'https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21999', 'name': 'https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21999', 'tags': ['Patch', 'Vendor Advisory'], 'refsource': 'MISC'}
  • {'url': 'http://packetstormsecurity.com/files/166344/Windows-SpoolFool-Privilege-Escalation.html', 'name': 'http://packetstormsecurity.com/files/166344/Windows-SpoolFool-Privilege-Escalation.html', 'tags': ['Exploit', 'Third Party Advisory', 'VDB Entry'], 'refsource': 'MISC'}
  • (MISC) https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21999 -
Summary Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21997, CVE-2022-22717, CVE-2022-22718. Windows Print Spooler Elevation of Privilege Vulnerability

26 May 2022, 20:30

Type Values Removed Values Added
References (MISC) http://packetstormsecurity.com/files/166344/Windows-SpoolFool-Privilege-Escalation.html - (MISC) http://packetstormsecurity.com/files/166344/Windows-SpoolFool-Privilege-Escalation.html - Exploit, Third Party Advisory, VDB Entry

16 Mar 2022, 19:15

Type Values Removed Values Added
References
  • (MISC) http://packetstormsecurity.com/files/166344/Windows-SpoolFool-Privilege-Escalation.html -

14 Feb 2022, 18:15

Type Values Removed Values Added
CPE cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server:20h2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_7:sp1:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10:20h2:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x86:*
cpe:2.3:o:microsoft:windows_11:-:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server:2022:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1909:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_7:sp1:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10:21h1:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_10:21h2:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:x64:*
CWE CWE-269
CVSS v2 : unknown
v3 : 7.8 		v2 : 4.6
v3 : 7.8
References (MISC) https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21999 - (MISC) https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-21999 - Patch, Vendor Advisory

09 Feb 2022, 17:35

Type Values Removed Values Added
New CVE
Information

Published : 2022-02-09 17:15

Updated : 2025-02-24 15:49

NVD link : CVE-2022-21999

Mitre link : CVE-2022-21999

CVE.ORG link : CVE-2022-21999

JSON object : View

Products Affected

microsoft

  • windows_server_20h2
  • windows_10_1909
  • windows_10_21h2
  • windows_server_2016
  • windows_server_2019
  • windows_10_21h1
  • windows_10_1607
  • windows_server_2022
  • windows_10_20h2
  • windows_rt_8.1
  • windows_10_1809
  • windows_11_21h2
  • windows_10_1507
  • windows_8.1
  • windows_7
  • windows_server_2008
  • windows_server_2012
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-59

Improper Link Resolution Before File Access ('Link Following')