FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial
FeedlyFeedly
CVEsCVEs
Threat IntelligenceThreat Intelligence
Threat IntelligenceThreat Intelligence
Log in
ChangelogChangelog
ChangelogChangelog
Log in
Log in
Start Free Trial
Start Free Trial

CVE-2024-41967

Missing Authentication for Critical Function (CWE-306)

Published: Nov 18, 2024 / Updated: 1d ago

010
CVSS 8.1EPSS 0.05%High
CVE info copied to clipboard

Summary

A low privileged remote attacker may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack. This vulnerability is related to missing authentication for critical functions.

Impact

The impact of this vulnerability is severe. An attacker can potentially modify the firmware upgrade process, which could lead to unauthorized changes in the device's firmware. This could result in compromised device functionality, installation of malicious firmware, or persistent unauthorized access. Additionally, the attacker could cause a denial-of-service condition, rendering the device unavailable. The integrity and availability of the affected device are highly impacted, though confidentiality does not appear to be compromised.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

Based on the provided information, there is no mention of an available patch for this vulnerability.

Mitigation

While no specific mitigation is mentioned in the provided data, general recommendations would include: 1. Implement strong authentication mechanisms for all critical functions, especially those related to boot mode configuration and firmware upgrade processes. 2. Restrict network access to the device, allowing only trusted IP addresses or networks to interact with these critical functions. 3. Monitor for any unusual activities or attempts to modify boot mode configurations. 4. If possible, disable remote access to boot mode configuration until a patch is available. 5. Keep the device's firmware and software up to date with the latest security patches when they become available.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2024-41967

Nov 18, 2024 at 9:15 AM
CVSS

A CVSS base score of 8.1 has been assigned.

Nov 18, 2024 at 9:20 AM / nvd
First Article

Feedly found the first article mentioning CVE-2024-41967. See article

Nov 18, 2024 at 9:22 AM / National Vulnerability Database
CVSS Estimate

Feedly estimated the CVSS score as MEDIUM

Nov 18, 2024 at 9:22 AM
EPSS

EPSS Score was set to: 0.05% (Percentile: 17.4%)

Nov 19, 2024 at 9:42 AM
Static CVE Timeline Graph

Affected Systems

Microsoft/remote
+null more

Attack Patterns

CAPEC-12: Choosing Message Identifier
+null more

News

High - CVE-2024-41967 - A low privileged remote attacker may modify the...
Security-Database Alerts Monitor : Last 100 Alerts / 1d
A low privileged remote attacker may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack.
WAGO: Multiple vulnerabilities in WAGO Firmware 04.05.10 (FW 27)
CERT@VDE Advisory Feed / 1d
Nozomi reported eight vulnerabilities to WAGO affecting different firmwares installed on several devices. The identified vulnerabilities could lead to a denial-of-service attack or alter of the firmware and docker configuration.
#threatintel / 1d
CVE-2024-41967 - Microsoft Edgecrafted Device Boot Mode Configuration Vulnerability November 18, 2024 at 09:15AM https:// ift.tt/g412uXt # CVE # IOC # CTI # ThreatIntelligence # ThreatIntel # Cybersecurity # Recon
CVE-2024-41967 - Microsoft Edgecrafted Device Boot Mode Configuration Vulnerability
Latest Vulnerabilities / 1d
CVE ID : CVE-2024-41967 Published : Nov. 18, 2024, 9:15 a.m. 53 minutes ago Description : A low privileged remote attacker may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack. Severity: 8.1 HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...
WAGO: Boot Mode Manipulation in Multiple DevicesA low privileged remote attac...
CVE - NEW | THREATINT / 1d
A low privileged remote attacker may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack.
See 4 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:None
Integrity:High
Availability Impact:High

Categories

CVSS 8.1(18246)CWE-306(1267)

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI

Feedly Threat Intelligence30-day free trial