Microsoft Defender for IoT Remote Code Execution Vulnerability
CVE-2024-21323

8.8HIGH

Key Information:

Vendor
Microsoft
Status
Microsoft Defender For Iot
Vendor
CVE Published:
9 April 2024

Badges

πŸ“° News Worthy

Summary

A vulnerability has been identified in Microsoft Defender for IoT that can allow remote code execution, potentially enabling an attacker to execute arbitrary code on affected systems. This exposure can lead to unauthorized access, data breaches, and exploitation of connected IoT devices. Users of Microsoft Defender for IoT are urged to apply the necessary updates to mitigate the risks associated with this vulnerability. For in-depth details and mitigation strategies, refer to the Microsoft Security Response Center's advisory.

Affected Version(s)

Microsoft Defender for IoT Unknown 22.0.0 < 24.1.3

News Articles

favicon imageCrowdStrike.com

April 2024 Patch Tuesday: Updates and Analysis | CrowdStrike

Microsoft released patches for 150 vulnerabilities, including 3 critical RCE vulnerabilities, for its April 2024 Patch Tuesday rollout.

9 months ago

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • πŸ“°

    First article discovered by CrowdStrike.com

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed1 News Article(s)
.