7.8

CVE-2024-38080

Warnung

Windows Hyper-V Elevation of Privilege Vulnerability

Windows Hyper-V Elevation of Privilege Vulnerability
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MicrosoftWindows 11 21h2 Version < 10.0.22000.3079
MicrosoftWindows 11 22h2 Version < 10.0.22621.3880
MicrosoftWindows 11 23h2 Version < 10.0.22631.3880
MicrosoftWindows Server 2022 Version < 10.0.20348.2582
MicrosoftWindows Server 2022 23h2 Version < 10.0.25398.1009

09.07.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Windows Hyper-V Privilege Escalation Vulnerability

Schwachstelle

Microsoft Windows Hyper-V contains a privilege escalation vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 13.65% 0.943
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secure@microsoft.com 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.