Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

msrc логотип

CVE-2024-38138

Опубликовано: 10 сент. 2024
Источник: msrc
CVSS3: 7.5
EPSS Низкий

Описание

Windows Deployment Services Remote Code Execution Vulnerability

FAQ

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

For an attacker to exploit this vulnerability, they would need to have knowledge of a specific operation that triggers a memory allocation failure, specifically a use after free.

According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires the attacker to be an authenticated Windows Deployment Services user and to request a certain operation via an RPC call.

Обновления

ПродуктСтатьяОбновление
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2012
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2
Windows Server 2012 R2 (Server Core installation)

Показывать по

Возможность эксплуатации

Publicly Disclosed

No

Exploited

No

Latest Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 90%
0.05262
Низкий

7.5 High

CVSS3

Связанные уязвимости

CVSS3: 7.5
nvd
12 месяцев назад

Windows Deployment Services Remote Code Execution Vulnerability

CVSS3: 7.5
github
12 месяцев назад

Windows Deployment Services Remote Code Execution Vulnerability

CVSS3: 7.5
fstec
12 месяцев назад

Уязвимость службы развертывания операционных систем Windows, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 90%
0.05262
Низкий

7.5 High

CVSS3