CVE-2024-43593

Heap-based Buffer Overflow (CWE-122)

Published: Oct 8, 2024

010
CVSS 8.8EPSS 0.07%High
CVE info copied to clipboard

Summary

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability. This vulnerability allows network-based attacks with low attack complexity. It requires low privileges and no user interaction to exploit. The vulnerability affects the confidentiality, integrity, and availability of the system, all with high impact.

Impact

Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the target system with high impact on confidentiality, integrity, and availability. This means an attacker could potentially gain full control of the affected system, access sensitive information, modify data, or disrupt system operations. The attack can be carried out remotely over the network, making it particularly dangerous for internet-facing systems.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of proof of exploitation at the moment.

Patch

A patch is available. Microsoft released an official fix for this vulnerability on October 8, 2024.

Mitigation

1. Apply the official patch released by Microsoft as soon as possible. 2. Limit network exposure for all control system devices and/or systems, and ensure they are not accessible from the Internet. 3. Locate control system networks and remote devices behind firewalls, and isolate them from the business network. 4. When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. 5. Monitor and log all network traffic attempting to reach the affected systems for suspicious activity. 6. Implement the principle of least privilege, ensuring that users and applications have the minimum level of access necessary to perform their functions.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Timeline

CVSS

A CVSS base score of 8.8 has been assigned.

Oct 8, 2024 at 5:40 PM / microsoft
First Article

Feedly found the first article mentioning CVE-2024-43593. See article

Oct 8, 2024 at 5:46 PM / CVE | THREATINT - NEW.RSS
CVSS Estimate

Feedly estimated the CVSS score as HIGH

Oct 8, 2024 at 5:48 PM
Threat Intelligence Report

CVE-2024-43593 is a critical Remote Code Execution vulnerability in Windows Routing and Remote Access Service (RRAS) with a CVSSv3 score of 8.8, categorized as “Exploitation Less Likely” by Microsoft. Exploitation could occur by targeting a vulnerable server with specially crafted protocol messages, potentially leading to RCE without authentication. The vulnerability is part of a series of RCE vulnerabilities that collectively account for 10% of the vulnerabilities in the October Microsoft Patch Tuesday update, but no specific information on exploitation in the wild, proof-of-concept exploits, mitigations, or downstream impacts is provided. See article

Oct 8, 2024 at 6:13 PM
CVE Assignment

NVD published the first details for CVE-2024-43593

Oct 8, 2024 at 6:15 PM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (208305)

Oct 9, 2024 at 1:15 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (208298)

Oct 9, 2024 at 1:15 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (208294)

Oct 9, 2024 at 1:15 AM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Nessus (208289)

Oct 9, 2024 at 1:15 AM
Static CVE Timeline Graph

Affected Systems

Microsoft/windows_server_2022
+null more

Patches

Microsoft
+null more

Links to Mitre Att&cks

T1562.003: Impair Command History Logging
+null more

Attack Patterns

CAPEC-92: Forced Integer Overflow
+null more

References

Microsoft's October 2024 Patch Tuesday Addresses 117 CVEs (CVE-2024-43572, CVE-2024-43573)
CVE-2024-43572 | Microsoft Management Console Remote Code Execution Vulnerability Microsoft addresses 117 CVEs with three rated as critical and four zero-day vulnerabilities, two of which were exploited in the wild.
Microsoft’s October 2024 Patch Tuesday Addresses 117 CVEs (CVE-2024-43572, CVE-2024-43573)
Microsoft addresses 117 CVEs with three rated as critical and four zero-day vulnerabilities, two of which were exploited in the wild. CVE-2024-43572 | Microsoft Management Console Remote Code Execution Vulnerability

News

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-43593 can be exploited with network access, and requires small amount of user privileges. The potential impact of an exploit of this vulnerability is considered to be very high.
Patch Tuesday October 2024 - Five Zero Days
Besides these zero days we have five CVE's rated critical: These mainly affect Windows OS's as well as MS Configuration Manager and some one offs for Dynamics and the GroupMe app. CVE-2024-43572 is a remote code execution vulnerability with a rating of important.
Microsoft's October 2024 Patch Tuesday Addresses 117 CVEs (CVE-2024-43572, CVE-2024-43573)
CVE-2024-43572 | Microsoft Management Console Remote Code Execution Vulnerability Microsoft addresses 117 CVEs with three rated as critical and four zero-day vulnerabilities, two of which were exploited in the wild.
Microsoft Security Bulletin Coverage for October 2024
Microsoft’s October 2024 Patch Tuesday has 117 vulnerabilities, of which 42 are Remote Code Execution.SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of October 2024 and has produced coverage for 4 of the reported vulnerabilities. Microsoft tracks vulnerabilities that are being actively exploited at the time of discovery and those that have been disclosed publicly before the patch Tuesday release for each month.
Microsoft Release October 2024 Patch Tuesday Updates for Windows 11 and Windows 10
Microsoft addressed 117 vulnerabilities in the October 2024 Patch Tuesday update, including three rated critical and two actively exploited security flaws. Here’s the full list of CVEs released by Microsoft with the October 2024 Patch Tuesday updates:
See 24 more articles and social media posts

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High

Categories

Be the first to know about critical vulnerabilities

Collect, analyze, and share vulnerability reports faster using AI