Lucene search

Kaspersky LabKLA70178

HistoryJun 27, 2024 - 12:00 a.m.

KLA70178 ACE vulnerability in Microsoft Dynamics

2024-06-2700:00:00

Kaspersky Lab

threats.kaspersky.com

ace vulnerability

microsoft dynamics

arbitrary code execution

malicious users

cve-2024-35260

microsoft power platform

security update

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

8.1

Confidence

High

JSON

ACE vulnerability was found in Microsoft Dynamics. Malicious users can exploit this vulnerability to execute arbitrary code.

Original advisories

CVE-2024-35260

CVE list

CVE-2024-35260 critical

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

Affected Products

Microsoft Power Platform

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35260

statistics.securelist.com/

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

AI Score

8.1

Confidence

High

JSON

Related for KLA70178