https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30034

Exploit
CVE-2024-30034

Access of Resource Using Incompatible Type ('Type Confusion') (CWE-843)

Published: May 14, 2024

CVSS 5.5 | EPSS 0.05% | Medium

Summary

This vulnerability allows local attackers to disclose sensitive information on affected installations of Microsoft Windows. The specific flaw exists within the Cloud Files Mini Filter Driver, cldflt.sys. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to disclose information in the context of the kernel.

Impact

A successful attack could allow an unprivileged user to view sensitive data from the kernel memory of the affected system. This could expose confidential information like passwords or encryption keys. The vulnerability has a CVSS v3 base score of 5.5, indicating a medium severity. It has high impacts on confidentiality, while integrity and availability are not affected. The scope is unchanged, meaning the vulnerable component does not impact resources beyond its security scope.

Exploitation

One proof-of-concept exploit is available on zerodayinitiative.com. There is no evidence of exploitation at the moment.

Patch

Microsoft has released an official patch to remediate this vulnerability. Patching is recommended.

Mitigation

Apply the latest security updates from Microsoft to patch the affected Windows versions. As an interim mitigation, restrict local access to only trusted users until patching is possible.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

Timeline

First Article

Feedly found the first article mentioning CVE-2024-30034.

May 14, 2024 at 5:03 PM / Microsoft Security Advisories - MSRC
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

May 14, 2024 at 5:05 PM
CVE Assignment

NVD published the first details for CVE-2024-30034

May 14, 2024 at 5:17 PM
Trending

This CVE started to trend in security discussions

May 15, 2024 at 12:48 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (379811)

May 15, 2024 at 5:15 AM
EPSS

EPSS Score was set to: 0.04% (Percentile: 8.5%)

May 15, 2024 at 9:25 AM
Trending

This CVE stopped trending in security discussions

May 15, 2024 at 8:39 PM
Trending

This CVE started to trend in security discussions

May 17, 2024 at 6:13 PM
Trending

This CVE stopped trending in security discussions

May 17, 2024 at 6:54 PM

Affected Systems

Microsoft/windows

Exploits

https://www.zerodayinitiative.com/advisories/ZDI-24-452/

Patches

Microsoft

News

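Information Security Vulnerability Weekly Report (Issue 21, 2024)
Click the blue text to follow us. According to statistics from the China National Vulnerability Database of Information Security (CNNVD), this week (May 13, 2024 to May 19, 2024) […]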
Government issues ‘important’ advisory for Windows, Office and other Microsoft products - The Times of India
According to the report, “Multiple vulnerabilities have been reported in Microsoft Products, which could allow an attacker to gain elevated privileges, obtain sensitive information, conduct remote code execution attacks, bypass security restrictions, conduct spoofing attacks, conduct tampering attacks, or cause denial of service conditions.” In the latest post, the government body has reported finding multiple vulnerabilities in Microsoft products and classified them as ‘High’ severity.
Patch Tuesday May 2024: Important Fix for Exploit Used by Qakbot
It may have fewer total fixes for vulnerabilities than last month, but May’s Patch Tuesday still addresses some important zero-day vulnerabilities—one of which has been under exploitation by multiple threat actors since at least April. The big vulnerability fix of the month is CVE-2024-30051 that addresses a Windows Desktop Window Manager (DWM) exploit that would allow an attacker to gain system privileges as part of an elevation attack.
May 2024 Patch Tuesday: Microsoft and VMware Fix Zero-Day Exploits
Microsoft SharePoint Server Remote Code Execution Vulnerability Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability

CVSS V3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability Impact: None
