Lucene search

China National Vulnerability DatabaseCNVD-2024-19331

HistoryApr 11, 2024 - 12:00 a.m.

Microsoft Defender for IoT elevation of privilege vulnerability (CNVD-2024-19331)

2024-04-1100:00:00

China National Vulnerability Database

www.cnvd.org.cn

microsoft

defender

iot

privilege

vulnerability

asset discovery

threat monitoring

escalation

attacker

cnvd-2024-19331

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:M/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

39.6%

JSON

Microsoft Defender for IoT is an asset discovery, vulnerability management and threat monitoring solution for IoT/OT environments. An elevation of privilege vulnerability exists in Microsoft Defender for IoT, which can be exploited by an attacker to escalate privileges.

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:M/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

39.6%

JSON

Related for CNVD-2024-19331