CVE-2024-43592

Heap-based Buffer Overflow (CWE-122)

Published: Oct 8, 2024

CVSS 8.8 (High) | EPSS 0.07%

Summary

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. This vulnerability allows an attacker with low privileges to execute arbitrary code remotely through the network, with no user interaction required. The attack complexity is low, indicating that it is relatively easy to exploit.

Impact

The impact of this vulnerability is severe. It can lead to a complete compromise of the confidentiality, integrity, and availability of the affected system. An attacker could potentially execute arbitrary code with the same privileges as the RRAS service, which typically runs with high system privileges. This could allow the attacker to install programs, view, change, or delete data, or create new accounts with full user rights.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of exploitation at the moment.

Patch

A patch is available. Microsoft has released an official fix for this vulnerability on October 8, 2024.

Mitigation

1. Apply the official patch released by Microsoft as soon as possible.
2. If immediate patching is not feasible, consider temporarily disabling the Windows Routing and Remote Access Service if it's not critical for operations.
3. Implement network segmentation to limit the exposure of systems running RRAS.
4. Monitor for unusual activity related to RRAS.
5. Ensure that only authorized users have low-privilege access to systems running RRAS.
6. Keep all Windows systems and software up to date with the latest security updates.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Timeline

CVSS

A CVSS base score of 8.8 has been assigned.

Oct 8, 2024 at 5:40 PM / microsoft
First Article

Feedly found the first article mentioning CVE-2024-43592.

Oct 8, 2024 at 5:46 PM / CVE | THREATINT - NEW.RSS
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 8, 2024 at 5:48 PM
Threat Intelligence Report

CVE-2024-43592 is a critical Remote Code Execution vulnerability in Windows Routing and Remote Access Service (RRAS) with a CVSSv3 score of 8.8, categorized as “Exploitation Less Likely” by Microsoft. Exploitation could occur by targeting a vulnerable server with specially crafted protocol messages, but there is no indication of active exploitation in the wild or available proof-of-concept exploits. Microsoft has not specified any mitigations, detections, or patches for this vulnerability, nor are there mentions of downstream impacts to third-party vendors or technology.

Oct 8, 2024 at 6:13 PM
CVE Assignment

NVD published the first details for CVE-2024-43592

Oct 8, 2024 at 6:15 PM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (208305)

Oct 9, 2024 at 1:15 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (208298)

Oct 9, 2024 at 1:15 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (208294)

Oct 9, 2024 at 1:15 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (208289)

Oct 9, 2024 at 1:15 AM

Affected Systems

Microsoft/windows_server_2016

Patches

Microsoft

Links to MITRE ATT&CK

T1562.003: Impair Command History Logging

Attack Patterns

CAPEC-92: Forced Integer Overflow

References

Microsoft's October 2024 Patch Tuesday Addresses 117 CVEs (CVE-2024-43572, CVE-2024-43573)
CVE-2024-43572 | Microsoft Management Console Remote Code Execution Vulnerability Microsoft addresses 117 CVEs with three rated as critical and four zero-day vulnerabilities, two of which were exploited in the wild.

News

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-43592 is exploitable with network access, and requires a small amount of user privileges. The potential impact of an exploit of this vulnerability is considered to be very high.
Patch Tuesday October 2024 - Five Zero Days
Besides these zero days we have five CVEs rated critical: These mainly affect Windows OSes as well as MS Configuration Manager and some one-offs for Dynamics and the GroupMe app. CVE-2024-43572 is a remote code execution vulnerability with a rating of important.
Microsoft Security Bulletin Coverage for October 2024
Microsoft’s October 2024 Patch Tuesday has 117 vulnerabilities, of which 42 are Remote Code Execution. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of October 2024 and has produced coverage for 4 of the reported vulnerabilities. Microsoft tracks vulnerabilities that are being actively exploited at the time of discovery and those that have been disclosed publicly before the patch Tuesday release for each month.
Security Bulletin 09 Oct 2024 - Cyber Security Agency of Singapore
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Chart Builder Team Chartify allows ...

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
