CVE-2024-38080

Warnung

EPSS 21.97%
Veröffentlicht 09.07.2024 17:15:43
Zuletzt bearbeitet 27.01.2025 21:35:27
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

Windows Hyper-V Elevation of Privilege Vulnerability

Betroffene Produkte Warnungen 1 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Windows 11 21h2 Version < 10.0.22000.3079

Microsoft ≫ Windows 11 22h2 Version < 10.0.22621.3880

Microsoft ≫ Windows 11 23h2 Version < 10.0.22631.3880

Microsoft ≫ Windows Server 2022 Version < 10.0.20348.2582

Microsoft ≫ Windows Server 2022 23h2 Version < 10.0.25398.1009

09.07.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog

Microsoft Windows Hyper-V Privilege Escalation Vulnerability

Schwachstelle

Microsoft Windows Hyper-V contains a privilege escalation vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges.

Beschreibung

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	21.97%	0.956

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secure@microsoft.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38080

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-38080

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-38080

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-38080

EUVD