Products
Microsoft Windows
- 10
- 11
- Server 2016
- Server 2019
- Server 2022
Source
df4dee71-de3a-4139-9588-11b62fe6c0ff
Tags
CVE-2024-6769 details
Published : Sept. 26, 2024, 9:15 p.m.
Last Modified : Sept. 26, 2024, 9:15 p.m.
Last Modified : Sept. 26, 2024, 9:15 p.m.
Description
A DLL Hijacking caused by drive remapping combined with a poisoning of the activation cache in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated attacker to elevate from a medium integrity process to a high integrity process without the intervention of a UAC prompt.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6.7 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|---|---|
| CWE-426 | Untrusted Search Path | The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control. |
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
6.7
Exploitability Score
0.8
Impact Score
5.9
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
References
| URL | Source |
|---|---|
| https://www.fortra.com/security/advisories/research/fr-2024-002 | df4dee71-de3a-4139-9588-11b62fe6c0ff |
This website uses the NVD API, but is not approved or certified by it.