{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T02:52:18.910","vulnerabilities":[{"cve":{"id":"CVE-2021-29221","sourceIdentifier":"security@deepsurface.com","published":"2021-04-09T14:15:12.910","lastModified":"2024-11-21T06:00:51.240","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existing installation's directory, a local attacker could hijack accounts of other users running Erlang programs or possibly coerce a service running with \"erlsrv.exe\" to execute arbitrary code as Local System. This can occur only under specific conditions on Windows with unsafe filesystem permissions."},{"lang":"es","value":"Se detectó una vulnerabilidad de escalada de privilegios local en Erlang/OTP anterior a versión 23.2.3. Al agregar archivos a un directorio de instalación existente, un atacante local podría secuestrar cuentas de otros usuarios que ejecutan programas Erlang o posiblemente coaccionar un servicio que se ejecuta con \"erlsrv.exe\" para ejecutar código arbitrario como Local System. Esto puede ocurrir solo bajo condiciones específicas en Windows con permisos de sistema de archivos no seguros"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.0,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:H/Au:N/C:C/I:C/A:C","baseScore":6.2,"accessVector":"LOCAL","accessComplexity":"HIGH","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"MEDIUM","exploitabilityScore":1.9,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-426"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*","versionEndExcluding":"23.2.3","matchCriteriaId":"795C26C5-EC7F-4216-BD92-657D2ECF5E19"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*","matchCriteriaId":"A2572D17-1DE6-457B-99CC-64AFD54487EA"}]}]}],"references":[{"url":"https://deepsurface.com/deepsurface-security-advisory-local-privilege-escalation-in-erlang-on-windows-cve-2021-29221/","source":"security@deepsurface.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/erlang/otp/releases/tag/OTP-23.2.3","source":"security@deepsurface.com","tags":["Third Party Advisory"]},{"url":"https://deepsurface.com/deepsurface-security-advisory-local-privilege-escalation-in-erlang-on-windows-cve-2021-29221/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/erlang/otp/releases/tag/OTP-23.2.3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}