VDB
CVE-2024-30088
CVE-2024-30088
PUBLISHED
KEV
CVSS 6.900000095367432 MEDIUM
In verschiedenen Versionen von Microsoft Windows und Microsoft Windows Server existieren mehrere Schwachstellen. Diese werden von Microsoft nicht im Detail beschrieben. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.
EPSS 88.08% · 99.5th percentile
Risk Scores
CVSS v4.0
6.900000095367432
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
88.08%
99.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Microsoft Windows Server 2019 | |
| Microsoft | Microsoft Windows Server 2016 | |
| Microsoft | Microsoft Windows Server 2008 R2 SP1 | |
| Microsoft | Microsoft Windows 11 Version 23H2 | |
| Microsoft | Microsoft Windows 10 Version 21H2 | |
| Microsoft | Microsoft Windows 11 Version 22H2 | |
| Microsoft | Microsoft Windows Server 2022 23H2 Edition | |
| Hitachi | Hitachi Storage | |
| Microsoft | Microsoft Windows Server 2022 | |
| Microsoft | Microsoft Windows 10 Version 1607 | |
| Microsoft | Microsoft Windows Server 2012 R2 | |
| Microsoft | Microsoft Windows 10 Version 1809 | |
| Microsoft | Microsoft Windows 10 | |
| Microsoft | Microsoft Windows Server 2008 SP2 | |
| Microsoft | Microsoft Windows 11 version 21H2 | |
| Microsoft | Microsoft Windows 10 Version 22H2 | |
| Microsoft | Microsoft Windows Server 2012 |
Timeline
- Jun 11, 2024 CVE Published
- Jun 12, 2024 EPSS Score
- Sep 17, 2024 PoC Published
- Sep 18, 2024 PoC Published
- Oct 4, 2024 Coalition ESS Score
- Oct 15, 2024 CISA KEV Added
- Oct 15, 2024 PoC Published
- Oct 16, 2024 Coalition ESS Score
- Dec 25, 2024 PoC Published
- Dec 28, 2024 Coalition ESS Score
- Jan 3, 2025 Coalition ESS Score
- Feb 6, 2025 PoC Published
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1347.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1347 advisory
- https://msrc.microsoft.com/update-guide advisory
- https://github.com/tykawaii98/CVE-2024-30088 advisory
- https://www.hitachi.com/products/it/storage-solutions/sec_info/2024/06.html advisory
- https://github.com/varwara/CVE-2024-35250 advisory
- https://github.com/Dor00tkit/CVE-2024-30090 advisory
- https://www.cisa.gov/news-events/alerts/2024/12/16/cisa-adds-two-known-exploited-vulnerabilities-catalog exploit
- https://ssd-disclosure.com/ssd-advisory-cldflt-heap-based-overflow-pe/ advisory
- https://www.picussecurity.com/resource/blog/oilrig-exposed-tools-techniques-apt34 advisory