VDB
CVE-2024-38112
CVE-2024-38112
PUBLISHED
KEV
Es bestehen mehrere Schwachstellen in verschiedenen Versionen von Microsoft Windows und Microsoft Windows Server. Diese werden von Microsoft nicht im Detail beschrieben. Ein Angreifer kann diese Schwachstellen ausnutzen, um seine Rechte zu erweitern, beliebigen Programmcode auszuführen, Informationen offenzulegen, Dateien zu manipulieren oder einen Denial-of-Service-Zustand zu verursachen. Einige dieser Schwachstellen erfordern eine Benutzerinteraktion, um erfolgreich ausgenutzt zu werden.
EPSS 92.96% · 99.8th percentile
Risk Scores
EPSS Score
92.96%
99.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Microsoft Windows 11 Version 23H2 | |
| Microsoft | Microsoft Windows Server 2008 SP2 | |
| Microsoft | Microsoft Windows Server 2022 | |
| Microsoft | Microsoft Windows 10 Version 1607 | |
| Microsoft | Microsoft Windows 10 Version 1809 | |
| Microsoft | Microsoft Windows 10 | |
| Microsoft | Microsoft Windows 10 Version 21H2 | |
| Microsoft | Microsoft Windows Server 2012 | |
| Microsoft | Microsoft Windows Server 2008 R2 SP1 | |
| Microsoft | Microsoft Windows Server 2012 R2 | |
| Microsoft | Microsoft Windows 11 version 21H2 | |
| Xerox | Xerox FreeFlow Print Server | |
| Microsoft | Microsoft Windows Server 2019 | |
| Microsoft | Microsoft Windows Server 2022 23H2 Edition | |
| Microsoft | Microsoft Windows 11 Version 22H2 | |
| Hitachi | Hitachi Storage | |
| Microsoft | Microsoft Windows Server 2016 | |
| Microsoft | Microsoft Windows 10 Version 22H2 |
Exploit Intelligence
- Report written on CVE-2024-38112 (github-poc-repo)
- Report written on CVE-2024-38112 (github-poc-repo)
- Report written on CVE-2024-38112 (github-poc-repo)
- Report written on CVE-2024-38112 (github-poc-repo)
- Report written on CVE-2024-38112 (github-poc-repo)
- Report written on CVE-2024-38112 (github-poc-repo)
- Report written on CVE-2024-38112 (github-poc-repo)
- Report written on CVE-2024-38112 (github-poc-repo)
- Report written on CVE-2024-38112 (github-poc)
- Report written on CVE-2024-38112 (github-poc)
…and 41 more exploits
Timeline
- Jul 9, 2024 CISA KEV Added
- Jul 9, 2024 CVE Published
- Jul 10, 2024 EPSS Score
- Aug 1, 2024 EPSS Score
- Aug 15, 2024 EPSS Score
- Sep 5, 2024 CVE Updated
- Sep 10, 2024 EPSS Score
- Sep 14, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 8, 2024 VulnCheck KEV Exploitation
- Oct 28, 2024 EPSS Score
- Nov 11, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1579.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1579 advisory
- https://msrc.microsoft.com/update-guide advisory
- https://www.hitachi.com/products/it/storage-solutions/sec_info/2024/07.html advisory
- https://github.com/Black-Frost/windows-learning/tree/main/CVE-2024-38054 advisory
- https://securitydocs.business.xerox.com/wp-content/uploads/2024/09/Xerox-Security-Bulletin-XRX24-013-for-Xerox-FreeFlow-Print-Server-v2-_Windows10.pdf advisory