Lucene search

K
cvelistFortraCVELIST:CVE-2024-6769
HistorySep 26, 2024 - 8:18 p.m.

CVE-2024-6769 Medium to High Integrity Privilege Escalation in Microsoft Windows

2024-09-2620:18:38
CWE-426
Fortra
www.cve.org
7
cve-2024
privilege escalation
microsoft windows
dll hijacking
activation cache poisoning
uac prompt

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS4

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

EPSS

0

Percentile

9.6%

A DLL Hijacking caused by drive remapping combined with a poisoning of the activation cache in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated attacker to elevate from a medium integrity process to a high integrity process without the intervention of a UAC prompt.

CNA Affected

[
  {
    "defaultStatus": "affected",
    "product": "Windows 10",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "10.0.0"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "Windows 11",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "10.0.0"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "Windows Server 2016",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "10.0.0"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "Windows Server 2019",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "10.0.0"
      }
    ]
  },
  {
    "defaultStatus": "affected",
    "product": "Windows Server 2022",
    "vendor": "Microsoft",
    "versions": [
      {
        "status": "affected",
        "version": "10.0.0"
      }
    ]
  }
]

CVSS3

6.7

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS4

8.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

EPSS

0

Percentile

9.6%

Related for CVELIST:CVE-2024-6769