CVE-2024-43571

MSR

High

Sudo for Windows Spoofing Vulnerability

CVSS

7.3

High

EPSS

0.00

p59

Published

2024-01-01

Updated

2024-01-01

Description

Sudo for Windows Spoofing Vulnerability

Tags · CWE

CWE-923

CAPEC-161

CAPEC-481

CAPEC-501

CAPEC-697

Affected products

Windows_11_24h2 < 10.0.26100.2033

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Timeline

2024-01-01

Published

2024-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: L

Local (L)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: L

Low (L)

User Interaction

UI: R

Required (R)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: H

High (H)

Integrity Impact

I: H

High (H)

Availability Impact

A: H

High (H)

Exploit indicators

EPSS

0.004 · p59

Known exploited (KEV)

MITRE ATT&CK

Inferred via CAPEC

T1090.004Domain Fronting

└ via CAPEC-481 · CWE-923

T1557.003DHCP Spoofing

└ via CAPEC-697 · CWE-923

Known exploits — Сканер-ВС

No Сканер-ВС checks registered for this vulnerability yet.

Affected software

Product	Vendor	Status
windows_11_24h2	*	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked
Windows	Microsoft	Tracked

Source databases

MSR

CVE

Related vulnerabilities

BDU:2024-08004