8.4

CVE-2024-6769

A DLL Hijacking caused by drive remapping combined with a poisoning of the activation cache in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated attacker to elevate from a medium integrity process to a high integrity process without the intervention of a UAC prompt.

Data provided by the CVE Program from Authorized Data Publishers (ADP) (unstructured)

Vendor: microsoft
Product: windows_10
Default Status: unknown
Version: 10.0.0
Status: affected

Vendor: microsoft
Product: windows_11
Default Status: unknown
Version: 10.0.0
Status: affected

Vendor: microsoft
Product: windows_server_2016
Default Status: unknown
Version: 10.0.0
Status: affected

Vendor: microsoft
Product: windows_server_2019
Default Status: unknown
Version: 10.0.0
Status: affected

Vendor: microsoft
Product: windows_server_2022
Default Status: unknown
Version: 10.0.0
Status: affected
No CISA KEV entry or CERT.AT warning was found for this CVE.

EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 25.21% 0.96

CVSS Metrics
Source Base Score Exploit Score Impact Score Vector String
df4dee71-de3a-4139-9588-11b62fe6c0ff 8.4 0 0 CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
df4dee71-de3a-4139-9588-11b62fe6c0ff 6.7 0.8 5.9 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE-426 Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

CWE-427 Uncontrolled Search Path Element

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.