CVE-2024-43447

Опубликовано: 12 нояб. 2024

Источник: msrc

CVSS3: 8.1

EPSS Низкий

Описание

Windows SMBv3 Server Remote Code Execution Vulnerability

FAQ

How could an attacker exploit this vulnerability?

To successfully exploit this vulnerability, an attacker would need to use a malicious SMB client to mount an attack against the SMB server. This exploit is only applicable to SMB over QUIC.

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?

Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.

Обновления

Продукт	Статья	Обновление
Windows Server 2022	5046616 5046698	Security Update SecurityHotpatchUpdate
Windows Server 2022 (Server Core installation)	5046616 5046698	Security Update SecurityHotpatchUpdate

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 80%

0.01458

Низкий

8.1 High

CVSS3

Связанные уязвимости

CVE-2024-43447

CVSS3: 8.1

nvd

7 месяцев назад

Windows SMBv3 Server Remote Code Execution Vulnerability

GHSA-qx56-hjgg-8xgm

CVSS3: 8.1

github

7 месяцев назад

Windows SMBv3 Server Remote Code Execution Vulnerability

BDU:2024-09601

CVSS3: 8.1

fstec

7 месяцев назад

Уязвимость реализации сетевого протокола Server Message Block (SMBv3) операционных систем Windows, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 80%

0.01458

Низкий

8.1 High

CVSS3