CNVD-2024-11167 — Vulnetix

CNVD-2024-11167 PUBLISHED CVSS 7.800000190734863 HIGH

Microsoft Common Log File System是美国微软（Microsoft）公司的通用日志文件系统（CLFS） API提供了一个日志文件子系统，专用客户端应用程序可以使用该子系统并且多个客户端可以共享以优化日志访问。 Microsoft Common Log File System权限提升漏洞。攻击者可利用该漏洞在系统上获得提升的权限。

Risk Scores

CVSS 3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Affected Products

Vendor	Product	Versions
Microsoft	Windows Server 2008 Service Pack 2 (Server Core installation)	6.0.6003.0
microsoft	windows_11_21H2	10.0.0
Microsoft	Windows Server 2008 Service Pack 2	6.0.6003.0
Microsoft	Windows Server 2012 R2 (Server Core installation)	6.3.9600.0
Microsoft	Windows Server 2012	6.2.9200.0
Microsoft	Windows Server 2012 R2	6.3.9600.0
microsoft	windows_server_2008_sp2	6.0.6003.0, 6.0.6003.0, 6.0.6003.0
microsoft	windows_server_2012	6.2.9200.0, 6.2.9200.0
microsoft	windows_10_21H2	10.0.19043.0
microsoft	windows_server_23h2	10.0.25398.0
Microsoft	Windows 10 Version 22H2	10.0.19045.0
Microsoft	Windows 10 Version 21H2	10.0.19043.0
Microsoft	Windows Server 2016	10.0.14393.0
microsoft	windows_10_1507	10.0.10240.0
Microsoft	Windows Server 2008 R2 Service Pack 1 (Server Core installation)	6.1.7601.0
microsoft	windows_server_2022	10.0.20348.0
Microsoft	Windows 11 version 22H2	10.0.22621.0
Microsoft	Windows Server 2019	10.0.17763.0
microsoft	windows_10_22H2	10.0.19045.0
Microsoft	Windows 10 Version 1809	10.0.17763.0, 10.0.0

…and 20 more

Exploit Intelligence

CIRCL seen: CVE-2024-20653 (circl-sighting)
CIRCL seen: CVE-2024-20653 (circl-sighting)
CIRCL seen: CVE-2024-20653 (circl-sighting)
Microsoft Common Log File System Elevation of Privilege Vulnerability (circl)

Timeline

Jan 9, 2024 CVE Published
Jan 9, 2024 PoC Published
Jan 9, 2024 PoC Published
Jan 12, 2024 CVE ID Reserved
May 3, 2025 PoC Published
Jun 14, 2026 Security Advisory

References

Microsoft Common Log File System Elevation of Privilege Vulnerability vendor-advisory

Open in Interactive Console →