خانه » CVE-2024-49124
هشدار‌های امنیت سایبری

CVE-2024-49124

آسیب پذیری Windows Lightweight Directory Access Protocol (LDAP)

توسط Vulnerbyte_Alerts
نوشته شده توسط Vulnerbyte_Alerts
  • شناسه CVE-2024-49124 :CVE
  • CWE-362 :CWE
  • yes :Advisory
  • منتشر شده: 12/10/2024
  • به روز شده: 01/06/2025
  • امتیاز: 8.1
  • نوع حمله: Unknown
  • اثر گذاری: Remote Code Execution
  • برند: Microsoft
  • محصول: Windows
  • وضعیتPublished :CVE
  • No :POC
  • وضعیت آسیب پذیری: patch شده

چکیده

یک آسیب پذیری در ویندوز مایکروسافت پیدا شده است که تحت تأثیر این مشکل، برخی از عملکردهای ناشناخته پروتکل دسترسی دایرکتوری Lightweight Component تحت تاثیر قرار میگیرد. ایجاد تغییرات در ورودی منجر بهrace condition   می شود.

توضیحات

بر اثر این آسیب پذیری امکان حمله از راه دور وجود دارد. همچنین این آسیب پذیری در دسته CWE-362 طبقه بندی می شود. محصول ایجاد شده در اثر این آسیب پذیری حاوی یک دنباله کد است که می تواند همزمان با کدهای دیگر اجرا شود و دنباله کد مورد نظر نیاز به دسترسی موقت و انحصاری به یک منبع مشترک دارد، اما یک پنجره زمان بندی وجود دارد که در آن می توان منبع مشترک را با دنباله کد دیگری تغییر داد که همزمان کار می کند.این آسب پذیری به عنوان یک حالت تأثیرگذار بر سیستم شناخته شده است که بر محرمانگی، یکپارچگی و در دسترس بودن تأثیر می گذارد. به نظر می رسد اکسپلویت برای این آسیب پذیری دشوار باشد. اکسپلویت به هیچ شکلی از احراز هویت نیاز ندارد.

CVSS

Score Severity Version Vector String
8.1 HIGH 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

لیست محصولات آسیب پذیر

Product Platforms Versions
Windows 10 Version 1809 32-bit Systems, x64-based Systems affected from 10.0.17763.0 before 10.0.17763.6659
Windows Server 2019 x64-based Systems affected from 10.0.17763.0 before 10.0.17763.6659
Windows Server 2019 (Server Core installation) x64-based Systems affected from 10.0.17763.0 before 10.0.17763.6659
Windows Server 2022 x64-based Systems affected from 10.0.20348.0 before 10.0.20348.2966
Windows 10 Version 21H2 32-bit Systems, ARM64-based Systems, x64-based Systems affected from 10.0.19043.0 before 10.0.19044.5247
Windows 11 version 22H2 ARM64-based Systems, x64-based Systems affected from 10.0.22621.0 before 10.0.22621.4602
Windows 10 Version 22H2 x64-based Systems, ARM64-based Systems, 32-bit Systems affected from 10.0.19045.0 before 10.0.19045.5247
Windows Server 2025 (Server Core installation) x64-based Systems affected from 10.0.26100.0 before 10.0.26100.2605
Windows 11 version 22H3 ARM64-based Systems affected from 10.0.22631.0 before 10.0.22631.4602
Windows 11 Version 23H2 x64-based Systems affected from 10.0.22631.0 before 10.0.22631.4602
Windows Server 2022, 23H2 Edition (Server Core installation) x64-based Systems affected from 10.0.25398.0 before 10.0.25398.1308
Windows 11 Version 24H2 ARM64-based Systems, x64-based Systems affected from 10.0.26100.0 before 10.0.26100.2605
Windows Server 2025 x64-based Systems affected from 10.0.26100.0 before 10.0.26100.2605
Windows 10 Version 1507 32-bit Systems, x64-based Systems affected from 10.0.10240.0 before 10.0.10240.20857
Windows 10 Version 1607 32-bit Systems, x64-based Systems affected from 10.0.14393.0 before 10.0.14393.7606
Windows Server 2016 x64-based Systems affected from 10.0.14393.0 before 10.0.14393.7606
Windows Server 2016 (Server Core installation) x64-based Systems affected from 10.0.14393.0 before 10.0.14393.7606
Windows Server 2008 Service Pack 2 32-bit Systems affected from 6.0.6003.0 before 6.0.6003.23016
Windows Server 2008 Service Pack 2 (Server Core installation) 32-bit Systems, x64-based Systems affected from 6.0.6003.0 before 6.0.6003.23016
Windows Server 2008 Service Pack 2 x64-based Systems affected from 6.0.6003.0 before 6.0.6003.23016
Windows Server 2008 R2 Service Pack 1 x64-based Systems affected from 6.1.7601.0 before 6.1.7601.27467
Windows Server 2008 R2 Service Pack 1 (Server Core installation) x64-based Systems affected from 6.1.7601.0 before 6.1.7601.27467
Windows Server 2012 x64-based Systems affected from 6.2.9200.0 before 6.2.9200.25222
Windows Server 2012 (Server Core installation) x64-based Systems affected from 6.2.9200.0 before 6.2.9200.25222
Windows Server 2012 R2 x64-based Systems affected from 6.3.9600.0 before 6.3.9600.22318
Windows Server 2012 R2 (Server Core installation) x64-based Systems affected from 6.3.9600.0 before 6.3.9600.22318

 لیست محصولات بروز شده

Product Impact Max Severity Build Number
Windows Server 2012 R2 (Server Core installation) Remote Code Execution Critical 6.3.9600.22318
Windows Server 2012 R2 Remote Code Execution Critical 6.3.9600.22318
Windows Server 2012 (Server Core installation) Remote Code Execution Critical 6.2.9200.25222
Windows Server 2012 Remote Code Execution Critical 6.2.9200.25222
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) Remote Code Execution Critical 6.1.7601.27467

6.1.7601.27467
Windows Server 2008 R2 for x64-based Systems Service Pack 1 Remote Code Execution Critical 6.1.7601.27467

6.1.7601.27467
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) Remote Code Execution Critical 6.0.6003.23016

6.0.6003.23016
Windows Server 2008 for x64-based Systems Service Pack 2 Remote Code Execution Critical 6.0.6003.23016

6.0.6003.23016
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Remote Code Execution Critical 6.0.6003.23016

6.0.6003.23016
Windows Server 2008 for 32-bit Systems Service Pack 2 Remote Code Execution Critical 6.0.6003.23016

6.0.6003.23016
Windows Server 2016 (Server Core installation) Remote Code Execution Critical 10.0.14393.7606
Windows Server 2016 Remote Code Execution Critical 10.0.14393.7606
Windows 10 Version 1607 for x64-based Systems Remote Code Execution Critical 10.0.14393.7606
Windows 10 Version 1607 for 32-bit Systems Remote Code Execution Critical 10.0.14393.7606
Windows 10 for x64-based Systems Remote Code Execution Critical 10.0.10240.20857
Windows 10 for 32-bit Systems Remote Code Execution Critical 10.0.10240.20857
Windows Server 2025 Remote Code Execution Critical 10.0.26100.2605

10.0.26100.2528
Windows 11 Version 24H2 for x64-based Systems Remote Code Execution Critical 10.0.26100.2605

10.0.26100.2528
Windows 11 Version 24H2 for ARM64-based Systems Remote Code Execution Critical 10.0.26100.2605

10.0.26100.2528
Windows Server 2022, 23H2 Edition (Server Core installation) Remote Code Execution Critical 10.0.25398.1308
Windows 11 Version 23H2 for x64-based Systems Remote Code Execution Critical 10.0.22631.4602
Windows 11 Version 23H2 for ARM64-based Systems Remote Code Execution Critical 10.0.22631.4602
Windows Server 2025 (Server Core installation) Remote Code Execution Critical 10.0.26100.2605

10.0.26100.2528
Windows 10 Version 22H2 for 32-bit Systems Remote Code Execution Critical 10.0.19045.5247
Windows 10 Version 22H2 for ARM64-based Systems Remote Code Execution Critical 10.0.19045.5247
Windows 10 Version 22H2 for x64-based Systems Remote Code Execution Critical 10.0.19045.5247
Windows 11 Version 22H2 for x64-based Systems Remote Code Execution Critical 10.0.22621.4602
Windows 11 Version 22H2 for ARM64-based Systems Remote Code Execution Critical 10.0.22621.4602
Windows 10 Version 21H2 for x64-based Systems Remote Code Execution Critical 10.0.19044.5247
Windows 10 Version 21H2 for ARM64-based Systems Remote Code Execution Critical 10.0.19044.5247
Windows 10 Version 21H2 for 32-bit Systems Remote Code Execution Critical 10.0.19044.5247
Windows Server 2022 (Server Core installation) Remote Code Execution Critical 10.0.20348.2966

10.0.20348.2908
Windows Server 2022 Remote Code Execution Critical 10.0.20348.2966

10.0.20348.2908
Windows Server 2019 (Server Core installation) Remote Code Execution Critical 10.0.17763.6659
Windows Server 2019 Remote Code Execution Critical 10.0.17763.6659
Windows 10 Version 1809 for x64-based Systems Remote Code Execution Critical 10.0.17763.6659
Windows 10 Version 1809 for 32-bit Systems Remote Code Execution Critical 10.0.17763.6659

 نتیجه گیری

برای جلوگیری از هرگونه نفوذ بهتر است از نسخه های بروزرسانی شده استفاده کنید.

 منابع

  1. https://www.cve.org/CVERecord?id=CVE-2024-49124
  2. https://www.cvedetails.com/cve/CVE-2024-49124/
  3. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49124
  4. https://vulmon.com/vulnerabilitydetails?qid=CVE-2024-49124
  5. https://vuldb.com/?id.287629
  6. https://cwe.mitre.org/data/definitions/362.html

همچنین ممکن است دوست داشته باشید

CVE-2024-49117

CVE-2024-43620

CVE-2024-43583

CVE-2024-43572

CVE-2024-43623

CVE-2024-43622

CVE-2024-43621

CVE-2024-35250

CVE-2024-49113

CVE-2024-13030

پیام بگذارید

نام ، ایمیل و وب سایت خود را برای بار دیگر که اظهار نظر می کنم در این مرورگر ذخیره کنید.