{"@odata.context":"https://api.msrc.microsoft.com/sug/v2.0/sugodata/v2.0/en-US/$metadata#vulnerability/$entity","id":"00000000-0000-0000-0000-000086e83674","releaseDate":"2021-05-11T07:00:00Z","cveNumber":"CVE-2021-31205","cveTitle":"Windows SMB Client Security Feature Bypass Vulnerability","releaseNumber":"2021-May","vulnType":"Security Vulnerability","latestRevisionDate":"2023-10-26T07:00:00Z","cweList":[],"cweDetailsListForSearch":[],"mitreText":"CVE-2021-31205","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2021-31205","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":2,"latestSoftwareRelease":"Exploitation Less Likely","olderSoftwareReleaseId":2,"olderSoftwareRelease":"Exploitation Less Likely","denialOfService":"N/A","tag":"Windows SMB","issuingCna":"Microsoft","issuingCnaId":0,"severityId":100000001,"severity":"Important","impactId":100000007,"impact":"Security Feature Bypass","langCode":"en-US","baseScore":"6.5","temporalScore":"5.7","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":0,"cweDetailsList":[],"articles":[{"articleType":"FAQ","description":"<p><strong>What kind of security feature could be bypassed by successfully exploiting this vulnerability?</strong></p>\n<p>Guest fallback access in SMB2 is not disabled by default. Installing this security update will disable guest fallback access to enforce the operating system edition settings and Group Policy settings. Guest fallback behavior default will return matching previously documented settings.</p>\n<p>Alternatively, customers can manually disable guest access by configuring this registry value:</p>\n<p><code>[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\LanmanWorkstation\\Parameters] &quot;AllowInsecureGuestAuth&quot;=dword:0</code></p>\n<p>For more information on guest fallback access behaviors and default settings, refer to:</p>\n<p><a href=\"https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/guest-access-in-smb2-is-disabled-by-default\">Guest access in SMB2 disabled by default in Windows</a></p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2021-31205","version":1,"revisionDate":"2021-05-11T07:00:00Z","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"41b0bffd-b4a3-eb11-a83e-000d3a6d3364"},{"cveNumber":"CVE-2021-31205","version":1.1,"revisionDate":"2023-10-26T07:00:00Z","initialDate":"0001-01-01T00:00:00Z","description":"<p>Updated one or more CVSS scores for the affected products. This is an informational change only.</p>\n","unformattedDescription":"Updated one or more CVSS scores for the affected products. This is an informational change only.","notificationNeeded":false,"notificationSent":false,"sourceId":"667440ae-4474-ee11-9365-000d3afbc7d7"}]}