CVE-2024-43468
PUBLISHED
KEV
A vulnerability exists in Microsoft Configuration Manager. The flaw is caused by an SQL injection issue. By sending specially crafted requests, a remote, anonymous attacker can exploit this vulnerability to execute commands on the server and/or the underlying database.
Risk Scores
- EPSS Score: 83.11% (99.3th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Microsoft Defender for Endpoint for Linux | |
Exploit Intelligence
- synacktiv/CVE-2024-43468 (github-poc-repo)
- CVE-2024-43468 SCCM SQL Injection Exploit (mTLS unextractable client cert from MacOS keychain version) (github-poc)
…and 67 more exploits
Timeline
- Oct 8, 2024 CVE Published
- Oct 8, 2024 PoC Published
- Oct 9, 2024 EPSS Score
- Oct 9, 2024 PoC Published
- Oct 14, 2024 Coalition ESS Score
- Nov 16, 2024 EPSS Score
- Dec 24, 2024 EPSS Score
- Jan 16, 2025 PoC Published
- Jan 16, 2025 PoC Published
- Jan 17, 2025 PoC Published
- Jan 17, 2025 PoC Published
- Jan 20, 2025 PoC Published
References
- https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3122.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3122 advisory
- https://msrc.microsoft.com/update-guide/ advisory
- https://www.synacktiv.com/advisories/microsoft-configuration-manager-configmgr-2403-unauthenticated-sql-injections advisory