CVE-2024-43615

External Control of File Name or Path (CWE-73)

Published: Oct 8, 2024

CVSS 7.1 (High), EPSS 0.05%

Summary

Microsoft OpenSSH for Windows contains a remote code execution vulnerability. This vulnerability is associated with external control of file name or path (CWE-73). It affects multiple versions of Windows, including Windows 10, Windows 11, and Windows Server across various releases.

Impact

This vulnerability has a high impact on confidentiality, integrity, and availability. If successfully exploited, an attacker could potentially execute arbitrary code on the target system with the privileges of the compromised process. This could lead to unauthorized access, data theft, system modification, or service disruption. The attack vector is network-based, requiring low privileges and user interaction, which suggests that phishing or social engineering tactics might be employed to trick users into taking actions that could trigger the vulnerability.

Exploitation

There is no evidence that a public proof-of-concept exists. There is no evidence of exploitation at the moment.

Patch

Patches are available for this vulnerability. Microsoft released updates on October 8, 2024, to address this issue. Security teams should prioritize applying these patches to affected systems.

Mitigation

1. Apply the security updates provided by Microsoft as soon as possible.
2. Prioritize patching based on the affected Windows versions in your environment:
   - Windows 11 version 24H2 (up to 10.0.26100.2033)
   - Windows 10 version 1809 (up to 10.0.17763.6414)
   - Windows 10 version 21H2 (up to 10.0.19044.5011)
   - Windows Server 2022 (up to 10.0.20348.2762)
   - Windows 11 version 22H2 (up to 10.0.22621.4317)
   - Windows 11 version 23H2 (up to 10.0.22631.4317)
   - Windows Server 2019 (up to 10.0.17763.6414)
   - Windows Server 2022 version 23H2 (up to 10.0.25398.1189)
   - Windows 11 version 21H2 (up to 10.0.22000.3260)
   - Windows 10 version 22H2 (up to 10.0.19045.5011)
3. Implement network segmentation and access controls to limit potential attack vectors.
4. Educate users about the risks of interacting with untrusted network sources or clicking on suspicious links, as user interaction is required for exploitation.
5. Monitor for any suspicious activities related to OpenSSH for Windows and investigate promptly.
6. Consider implementing application whitelisting to prevent unauthorized executables from running.
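An added example (not from the original page or from Microsoft): a Python triage of an inventory export against the builds listed in step 2. It assumes each "up to" value is the first fixed build, so a host is flagged when its revision is lower; the hostnames and sample builds are constructed.

```python
# Added example: triage Windows builds against the builds this page lists for
# CVE-2024-43615. Assumption: each "up to" build is the first fixed build.
FIXED_BUILDS = {  # build branch -> (first fixed revision, product label)
    26100: (2033, "Windows 11 24H2"),
    17763: (6414, "Windows 10 1809 / Windows Server 2019"),
    19044: (5011, "Windows 10 21H2"),
    19045: (5011, "Windows 10 22H2"),
    20348: (2762, "Windows Server 2022"),
    22000: (3260, "Windows 11 21H2"),
    22621: (4317, "Windows 11 22H2"),
    22631: (4317, "Windows 11 23H2"),
    25398: (1189, "Windows Server 2022 23H2"),
}

def parse_build(version):
    """Split '10.0.<build>.<revision>' into (build, revision) integers."""
    parts = version.strip().split(".")
    if len(parts) != 4 or parts[:2] != ["10", "0"]:
        raise ValueError(f"unexpected version string: {version!r}")
    return int(parts[2]), int(parts[3])

def classify(version):
    """Return 'needs-update', 'updated', 'not-listed' or 'unparsed'."""
    try:
        build, revision = parse_build(version)
    except ValueError:
        return "unparsed"
    if build not in FIXED_BUILDS:
        return "not-listed"  # branch has no threshold on this page
    fixed_revision, _product = FIXED_BUILDS[build]
    return "updated" if revision >= fixed_revision else "needs-update"

def triage(inventory):
    """Group hostnames by classification; inventory maps host -> version."""
    result = {}
    for host, version in sorted(inventory.items()):
        result.setdefault(classify(version), []).append(host)
    return result

SAMPLE = {  # constructed inventory; hostnames and builds are made up
    "ws-01": "10.0.19045.4894",
    "ws-02": "10.0.19045.5011",
    "srv-01": "10.0.20348.2700",
    "srv-02": "10.0.14393.7428",
    "kiosk": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status}: {', '.join(hosts)}")
```

A "not-listed" result means this page gives no threshold for that build branch, not that the host is unaffected; such hosts need a separate check.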

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Timeline

- Oct 8, 2024 at 5:40 PM / microsoft: CVSS. A CVSS base score of 7.1 has been assigned.
- Oct 8, 2024 at 5:41 PM / CVE | THREATINT - NEW.RSS: First Article. Feedly found the first article mentioning CVE-2024-43615.
- Oct 8, 2024 at 5:41 PM: CVSS Estimate. Feedly estimated the CVSS score as HIGH.
- Oct 8, 2024 at 6:15 PM: CVE Assignment. NVD published the first details for CVE-2024-43615.
- Oct 8, 2024 at 7:24 PM: Threat Intelligence Report. CVE-2024-43615 is a critical remote code execution vulnerability in Microsoft OpenSSH for Windows, which could allow attackers to execute arbitrary code on the target server. The details provided do not specify if the vulnerability is being exploited in the wild, nor do they mention any proof-of-concept exploits, mitigations, detections, patches, or downstream impacts on third-party vendors. Further investigation is needed to assess the full scope and implications of this vulnerability.
- Oct 9, 2024 at 10:29 AM: EPSS. EPSS Score was set to: 0.05% (Percentile: 20.1%)
- Nov 19, 2024 at 2:56 AM: EPSS. EPSS Score was set to: 0.04% (Percentile: 5.2%)

Affected Systems

Microsoft/windows_11_21h2

Patches

Microsoft

Links to MITRE ATT&CK

T1562.003: Impair Command History Logging

Attack Patterns

CAPEC-13: Subverting Environment Variable Values

News

Patch Tuesday October 2024: Counting Down to Windows 10 EoS, While Internet Explorer Lives
The long tail of Internet Explorer reappears in this month’s Microsoft Patch Tuesday release as we hit the one year mark for the impending Windows 10 end of support. A multi-month issue with Remote Desktop Gateway services crashing on Windows Servers since July’s security updates has also been addressed this month, so any teams that have put in place deferments to preserve Remote Desktop functionality should be quickly evaluating moving forward in light of this month’s updates to close multiple vulnerabilities.
October 2024 – Microsoft patch tuesday highlights
Spoofing, Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, Security Feature Bypass, and Remote Code Execution (RCE) are among the vulnerabilities that Microsoft has addressed in various software products. Microsoft Configuration Manager Remote Code Execution Vulnerability
MS Family October 2024 Routine Security Update Advisory
Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Patch Tuesday October 2024 - Five Zero Days
Besides these zero days we have five CVE's rated critical: These mainly affect Windows OS's as well as MS Configuration Manager and some one offs for Dynamics and the GroupMe app. CVE-2024-43572 is a remote code execution vulnerability with a rating of important.
Microsoft Patch Tuesday – October 8th 2024
“Patch Tuesday” is an unofficial term referring to the second Tuesday of each month, when vendors including Microsoft, Adobe, SAP and Google coordinate the release of vulnerabilities in (and patches for) their software products on a fixed cycle. Updates this month feature patches for critical vulnerabilities including Remote Code Execution (RCE), Elevation of Privilege (EoP), and Security Feature Bypass flaws.

CVSS V3.1

Attack Vector: Network
Attack Complexity: High
Privileges Required: Low
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability Impact: High
