https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30034
Access of Resource Using Incompatible Type ('Type Confusion') (CWE-843)
This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. The specific flaw exists within the Cloud Files Mini Filter Driver, cldflt.sys. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to disclose information in the context of the kernel.
A successful attack could allow an unprivileged user to view sensitive data from the kernel memory of the affected system. This could expose confidential information like passwords or encryption keys. The vulnerability has a CVSS v3 base score of 5.5, indicating a medium severity. It has high impacts on confidentiality, while integrity and availability are not affected. The scope is unchanged, meaning the vulnerable component does not impact resources beyond its security scope.
One proof-of-concept exploit is available on zerodayinitiative.com. There is no evidence of exploitation at the moment.
Microsoft has released an official patch to remediate this vulnerability. Patching is recommended.
Apply the latest security updates from Microsoft to patch the affected Windows versions. As an interim mitigation, restrict local access to only trusted users until patching is possible.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
Feedly found the first article mentioning CVE-2024-30034.
Feedly estimated the CVSS score as MEDIUM
NVD published the first details for CVE-2024-30034
This CVE started to trend in security discussions
Detection for the vulnerability has been added to Qualys (379811)
EPSS Score was set to: 0.04% (Percentile: 8.5%)
This CVE stopped trending in security discussions
This CVE started to trend in security discussions
This CVE stopped trending in security discussions