CVE-2024-38160

Heap-based Buffer Overflow (CWE-122)

Published: Aug 13, 2024

010
CVSS 9.1EPSS 0.07%Critical
CVE info copied to clipboard

Summary

Windows Network Virtualization Remote Code Execution Vulnerability. This is a critical vulnerability with a CVSS base score of 9.1. It affects Windows systems and allows for remote code execution. The vulnerability has a low attack complexity, requires no user interaction, and can be exploited over the network. However, it does require high privileges for exploitation.

Impact

If exploited, this vulnerability could allow an attacker to execute arbitrary code on the target system with high impact on confidentiality, integrity, and availability. The scope is changed, indicating that the vulnerability not only affects the vulnerable component but may also impact components beyond its security scope. Given the high privileges required, an attacker who successfully exploits this vulnerability could potentially gain significant control over the affected system, leading to data theft, system compromise, or service disruption.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is available. Microsoft has released an official fix for this vulnerability on August 13, 2024.

Mitigation

1. Apply the official patch released by Microsoft as soon as possible. 2. Implement network segmentation to limit the exposure of vulnerable systems. 3. Monitor for suspicious network activity, especially targeting Windows Network Virtualization components. 4. Ensure that only necessary accounts have high-level privileges, as the vulnerability requires high privileges to exploit. 5. Keep all Windows systems and software up to date with the latest security updates. 6. Implement strong access controls and authentication mechanisms to prevent unauthorized access to systems with high privileges.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C

Timeline

Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (92160)

Aug 13, 2024 at 7:53 AM
CVSS

A CVSS base score of 9.1 has been assigned.

Aug 13, 2024 at 5:35 PM / microsoft
First Article

Feedly found the first article mentioning CVE-2024-38160. See article

Aug 13, 2024 at 6:07 PM / Zero Day Initiative - Blog
CVE Assignment

NVD published the first details for CVE-2024-38160

Aug 13, 2024 at 6:15 PM
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Aug 13, 2024 at 6:23 PM
Threat Intelligence Report

CVE-2024-38160 is a critical vulnerability in Windows Network Virtualization with a CVSS score of 9.1, allowing for remote code execution. It is currently being exploited in the wild by threat actors, and there are no known mitigations or patches available. This vulnerability may have downstream impacts on other third-party vendors or technologies utilizing Windows Network Virtualization. See article

Aug 14, 2024 at 2:48 PM
EPSS

EPSS Score was set to: 0.07% (Percentile: 30.1%)

Nov 19, 2024 at 4:25 PM
Static CVE Timeline Graph

Affected Systems

Microsoft/windows_10_1607
+null more

Patches

Microsoft
+null more

Attack Patterns

CAPEC-92: Forced Integer Overflow
+null more

References

Microsoft August 2024 Security Updates
Classification: Critical, Solution: Official Fix, Exploit Maturity: High, CVSSv3.1: 9.8, CVEs: CVE-2024-21302, CVE-2024-29995, CVE-2024-37968, CVE-2024-38063, CVE-2024-38084, CVE-2024-38098, CVE-2024-38106, CVE-2024-38107, CVE-2024-38108, CVE-2024-38109, CVE-2024-38114, CVE-2024-38115, CVE-2024-38116, CVE-2024-38117, CVE-2024-38118, CVE-2024-38120, CVE-2024-38121, CVE-2024-38122, CVE-2024-38123, CVE-2024-38125 (+82 other associated CVEs), Summary: https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2024-patch-tuesday-fixes-9-zero-days-6-exploited/ Today is Microsoft's August 2024 Patch Tuesday, which includes security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an update for a tenth publicly disclosed zero-day. This Patch Tuesday fixed eight critical vulnerabilities, which were a mixture of elevation of privileges, remote code execution, and information disclosure. The number of bugs in each vulnerability category is listed below:
@RISK: The Consensus Security Vulnerability Alert: Vol. 24, Num. 33 - SANS Institute
Product: Fabianros Job Portal CVSS Score: 9.8 NVD: NVD References: - - - - CVE-2024-7811 - SourceCodester Daily Expenses Monitoring App 1.0 is vulnerable to SQL injection in the /endpoint/delete-expense.php file, allowing for remote attacks due to the manipulation of the expense argument. Product: Wurmlab SequenceServer CVSS Score: 9.8 AtRiskScore 30 NVD: NVD References: - - CVE-2024-7794 - Itsoucecode Vehicle Management System 1.0 is vulnerable to a critical SQL injection flaw in the mybill.php file, allowing for remote attacks.
August 2024 Threat Advisory – Top 5
[ High ] – CVE-2024-38652 – Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion. [ High ] – CVE-2024-38653 – XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.
See 4 more references

News

August 2024 Patch Tuesday: Six Zero-Days and Six Critical Vulnerabilities Amid 85 CVEs
Severity CVSS Score CVE Description Important 7.8 CVE-2024-38193 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Severity CVSS Score CVE Description Important 8.8 CVE-2024-38189 Microsoft Project Remote Code Execution Vulnerability
@RISK: The Consensus Security Vulnerability Alert: Vol. 24, Num. 33 - SANS Institute
Product: Fabianros Job Portal CVSS Score: 9.8 NVD: NVD References: - - - - CVE-2024-7811 - SourceCodester Daily Expenses Monitoring App 1.0 is vulnerable to SQL injection in the /endpoint/delete-expense.php file, allowing for remote attacks due to the manipulation of the expense argument. Product: Wurmlab SequenceServer CVSS Score: 9.8 AtRiskScore 30 NVD: NVD References: - - CVE-2024-7794 - Itsoucecode Vehicle Management System 1.0 is vulnerable to a critical SQL injection flaw in the mybill.php file, allowing for remote attacks.
August 2024 Threat Advisory – Top 5
[ High ] – CVE-2024-38652 – Path traversal in the skin management component of Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to achieve denial of service via arbitrary file deletion. [ High ] – CVE-2024-38653 – XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.
Microsoft’s August 2024 Patch Tuesday: Critical Updates and Analysis
Windows Operating Systems : With 43 patches applied, the Windows platform received the most attention, addressing vulnerabilities that could potentially compromise core system functions, including remote code execution and privilege escalation. CVE-2024-38159 and CVE-2024-38160 : These RCE vulnerabilities in Windows Network Virtualization, both rated with a CVSS score of 9.1, could allow an attacker to interact with other tenants’ applications and content under certain conditions, highlighting the risks in virtualized environments.
CNNVD | 关于微软多个安全漏洞的通报
近日,微软官方发布了多个安全漏洞的公告,其中微软产品本身漏洞84个,影响到微软产品的其他厂商漏洞5个。
See 54 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:High
User Interaction:None
Scope:Changed
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI