VDB
CVE-2024-35250
CVE-2024-35250
PUBLISHED
KEV
CVSS 6.900000095367432 MEDIUM
In verschiedenen Versionen von Microsoft Windows und Microsoft Windows Server existieren mehrere Schwachstellen. Diese werden von Microsoft nicht im Detail beschrieben. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, seine Privilegien zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen oder einen Denial of Service Zustand herbeizuführen.
EPSS 54.91% · 98.1th percentile
Risk Scores
CVSS 4.0
6.900000095367432
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
54.91%
98.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Microsoft Windows 10 | |
| Microsoft | Microsoft Windows Server 2016 | |
| Microsoft | Microsoft Windows 10 Version 22H2 | |
| Microsoft | Microsoft Windows Server 2012 | |
| Microsoft | Microsoft Windows 10 Version 1809 | |
| Microsoft | Microsoft Windows Server 2019 | |
| Microsoft | Microsoft Windows 10 Version 1607 | |
| Microsoft | Microsoft Windows Server 2022 23H2 Edition | |
| Microsoft | Microsoft Windows 11 version 21H2 | |
| Microsoft | Microsoft Windows 11 Version 23H2 | |
| Microsoft | Microsoft Windows Server 2022 | |
| Microsoft | Microsoft Windows Server 2008 R2 SP1 | |
| Microsoft | Microsoft Windows Server 2008 SP2 | |
| Hitachi | Hitachi Storage | |
| Microsoft | Microsoft Windows 10 Version 21H2 | |
| Microsoft | Microsoft Windows 11 Version 22H2 | |
| Microsoft | Microsoft Windows Server 2012 R2 |
Exploit Intelligence
- CIRCL published-proof-of-concept: CVE-2024-35250 (circl-sighting)
- CIRCL seen: CVE-2024-35250 (circl-sighting)
- CIRCL exploited: CVE-2024-35250 (circl-sighting)
- CIRCL seen: CVE-2024-35250 (circl-sighting)
- CIRCL published-proof-of-concept: CVE-2024-35250 (circl-sighting)
- CIRCL published-proof-of-concept: CVE-2024-35250 (circl-sighting)
- CIRCL published-proof-of-concept: CVE-2024-35250 (circl-sighting)
- CIRCL published-proof-of-concept: CVE-2024-35250 (circl-sighting)
- CIRCL seen: CVE-2024-35250 (circl-sighting)
- CIRCL published-proof-of-concept: CVE-2024-35250 (circl-sighting)
…and 160 more exploits
Timeline
- Jun 11, 2024 CVE Published
- Jun 12, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 15, 2024 PoC Published
- Oct 16, 2024 PoC Published
- Oct 16, 2024 PoC Published
- Oct 16, 2024 PoC Published
- Oct 16, 2024 PoC Published
- Oct 17, 2024 PoC Published
- Oct 18, 2024 PoC Published
- Oct 18, 2024 PoC Published
- Oct 19, 2024 PoC Published
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1347.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1347 advisory
- https://msrc.microsoft.com/update-guide advisory
- https://github.com/tykawaii98/CVE-2024-30088 advisory
- https://www.hitachi.com/products/it/storage-solutions/sec_info/2024/06.html advisory
- https://github.com/varwara/CVE-2024-35250 advisory
- https://github.com/Dor00tkit/CVE-2024-30090 advisory
- https://www.cisa.gov/news-events/alerts/2024/12/16/cisa-adds-two-known-exploited-vulnerabilities-catalog exploit
- https://ssd-disclosure.com/ssd-advisory-cldflt-heap-based-overflow-pe/ advisory
- https://www.picussecurity.com/resource/blog/oilrig-exposed-tools-techniques-apt34 advisory