CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
74.3%
This article documents Veeamβs position on Windows Elevation of Privilege Vulnerability CVE-2021-36934. Specifically regarding the listed mitigation steps involving removal of all shadow copies, and the βImpact of workaroundβ mentioned in the Workarounds section of CVE-2021-36934.
While VSS and shadow copies are mentioned in CVE-2021-36934, shadow copy mechanisms are not part of the vulnerability. The advice to remove all shadow copies is because shadow copies created before the update may contain exploitable data.
The Workarounds section of CVE-2021-36934 states, βDeleting shadow copies could impact restore operations, including the ability to restore data with third-party backup applications.β This statement does not apply to Veeam products (such as Backup & Replication or Agent for Windows). Veeam uses volatile shadow copies, which are deleted automatically when the backup job completes.
Deletion of VSS shadow copies, as advised in CVE-2021-36934, will not affect Veeam backups.
To submit feedback regarding this article, please click this link: Send Article Feedback
To report a typo on this page, highlight the typo with your mouse and press CTRL + Enter.
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
74.3%