CVE-2024-21324

Опубликовано: 09 апр. 2024

Источник: msrc

CVSS3: 7.2

EPSS Низкий

Описание

Microsoft Defender for IoT Elevation of Privilege Vulnerability

FAQ

What actions do customers need to take to protect themselves from this vulnerability?

Customers need to update their Defender for IoT software to version 24.1.3 or above. For more information, see OT monitoring software versions.

According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?

An attacker would be required to have shell access to the server.

What privileges could be gained by an attacker who successfully exploited the vulnerability?

An attacker who successfully exploited this vulnerability could gain access to the credentials of other users on the system.

Обновления

Продукт	Статья	Обновление
Microsoft Defender for IoT	Release Notes	Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 91%

0.0713

Низкий

7.2 High

CVSS3

Связанные уязвимости

CVE-2024-21324

CVSS3: 7.2

nvd

почти 2 года назад

Microsoft Defender for IoT Elevation of Privilege Vulnerability

GHSA-qc8v-ph93-7gqw

CVSS3: 7.2

github

почти 2 года назад

Microsoft Defender for IoT Elevation of Privilege Vulnerability

BDU:2024-02978

CVSS3: 7.2

fstec

почти 2 года назад

Уязвимость комплекса средств по обнаружению угроз для сред Интернета вещей Microsoft Defender for IoT, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии

EPSS

Процентиль: 91%

0.0713

Низкий

7.2 High

CVSS3