Uncontrolled Resource Consumption (CWE-400)
CVE-2024-38236 is a DHCP Server Service Denial of Service vulnerability affecting various versions of Microsoft Windows Server. It is associated with CWE-400: Uncontrolled Resource Consumption.
This vulnerability allows an attacker to cause a Denial of Service (DoS) on the DHCP Server Service. The attack vector is network-based, requires no user interaction, and can be executed with low attack complexity. The primary impact is on the availability of the system, which is rated as HIGH. There is no impact on integrity or confidentiality.
There is no evidence that a public proof-of-concept exists. There is no evidence of exploitation at the moment.
A patch is available. Microsoft has released updates to address this vulnerability.
1. Apply the latest security updates provided by Microsoft for the affected Windows Server versions.
2. Monitor DHCP server logs for unusual activity or potential exploitation attempts.
3. Implement network segmentation to limit exposure of DHCP servers to untrusted networks.
4. Consider implementing DHCP snooping on network switches to prevent unauthorized DHCP servers.
5. Regularly update and patch all Windows Server systems to the latest versions.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Detection for the vulnerability has been added to Qualys (92169)
A CVSS base score of 7.5 has been assigned.
Feedly found the first article mentioning CVE-2024-38236.
Feedly estimated the CVSS score as MEDIUM
NVD published the first details for CVE-2024-38236
EPSS Score was set to: 0.05% (Percentile: 17.7%)
EPSS Score was set to: 0.06% (Percentile: 28.5%)