VDB
CVE-2024-20697
CVE-2024-20697
PUBLISHED
CVSS 8.699999809265137 HIGH
Windows ist ein Betriebssystem von Microsoft.
EPSS 49.43% · 97.8th percentile
Risk Scores
CVSS 4.0
8.699999809265137
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
49.43%
97.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Microsoft Windows Server 2022 23H2 Edition | |
| Microsoft | Microsoft Windows 11 version 21H2 | |
| Microsoft | Microsoft Windows Server 2016 | |
| Microsoft | Microsoft Windows 10 | |
| Microsoft | Microsoft Windows Server 2019 | |
| Microsoft | Microsoft Windows Server 2008 SP2 | |
| Microsoft | Microsoft Windows Server 2008 R2 SP1 | |
| Microsoft | Microsoft Windows Server 2012 R2 | |
| Microsoft | Microsoft Windows 10 Version 1607 | |
| Microsoft | Microsoft Windows 11 Version 23H2 | |
| Microsoft | Microsoft Windows 10 Version 1809 | |
| Microsoft | Microsoft Windows 11 Version 22H2 | |
| Hitachi | Hitachi Storage | |
| Microsoft | Microsoft Windows Server 2012 | |
| Microsoft | Microsoft Windows 10 Version 22H2 | |
| Microsoft | Microsoft Windows 10 Version 21H2 | |
| Microsoft | Microsoft Windows Server 2022 |
Exploit Intelligence
- https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1 (msrc)
- https://www.exploit-db.com/exploits/52092 (certbund)
- CIRCL seen: CVE-2024-20697 (circl-sighting)
- https://www.zerodayinitiative.com/blog/2024/4/17/cve-2024-20697-windows-libarchive-remote-code-execution-vulnerability (circl)
- https://github.com/advisories/GHSA-w6xv-37jv-7cjr (circl)
- http://www.openwall.com/lists/oss-security/2024/06/05/1 (circl)
- http://www.openwall.com/lists/oss-security/2024/06/04/2 (circl)
- Windows libarchive Remote Code Execution Vulnerability (circl)
Timeline
- Jan 9, 2024 CVE Published
- Jan 18, 2024 EPSS Score
- Mar 14, 2024 EPSS Score
- Apr 11, 2024 EPSS Score
- Jun 6, 2024 EPSS Score
- Jul 4, 2024 EPSS Score
- Aug 29, 2024 EPSS Score
- Sep 26, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 17, 2024 Coalition ESS Score
- Nov 21, 2024 EPSS Score
- Dec 19, 2024 PoC Published
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0036.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0036 advisory
- https://msrc.microsoft.com/update-guide advisory
- https://www.hitachi.com/products/it/storage-solutions/sec_info/2024/01.html advisory
- https://www.exploit-db.com/exploits/52092 exploit