Microsoft Defender for IoT Remote Code Execution Vulnerability
CVE-2024-21322

7.2HIGH

Key Information:

Vendor
Microsoft
Status
Microsoft Defender For Iot
Vendor
CVE Published:
9 April 2024

Badges

πŸ‘Ύ Exploit ExistsπŸ“° News Worthy

Summary

A remote code execution vulnerability exists in Microsoft Defender for IoT, allowing an attacker to execute arbitrary code on affected devices. Exploitation of this vulnerability could lead to unauthorized access, data leakage, and compromise of IoT systems. Users of Microsoft Defender for IoT must apply the latest updates to mitigate risks associated with this security flaw.

Affected Version(s)

Microsoft Defender for IoT Unknown 22.0.0 < 24.1.3

News Articles

favicon imageCrowdStrike.com

April 2024 Patch Tuesday: Updates and Analysis | CrowdStrike

Microsoft released patches for 150 vulnerabilities, including 3 critical RCE vulnerabilities, for its April 2024 Patch Tuesday rollout.

9 months ago

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ“°

    First article discovered by CrowdStrike.com

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed1 News Article(s)
.