CVE-2024-43614

EPSS 0.38%
Veröffentlicht 08.10.2024 18:15:29
Zuletzt bearbeitet 08.07.2025 16:15:45
Quelle secure@microsoft.com
CVE-Watchlists
Login
Unerledigt
Login

Microsoft Defender for Endpoint for Linux Spoofing Vulnerability

Relative path traversal in Microsoft Defender for Endpoint allows an authorized attacker to perform spoofing locally.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Defender For Endpoint SwPlatformlinux Version < 101.24052.0002

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.38%	0.591

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
secure@microsoft.com	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-23 Relative Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43614

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-43614

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-43614

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-43614

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-43614