Remote Denial of Service Vulnerability in Microsoft HoloLens Devices
CVE-2024-57972

6.5MEDIUM

Key Information:

Vendor: Microsoft
Status: Hololens
Vendor: CVE Published:; 6 March 2025

Summary

A security flaw exists in the pairing request method utilized by Microsoft HoloLens devices that can be exploited by remote attackers. This vulnerability allows malicious actors to disrupt the normal operation of the device via the Device Portal framework, potentially leading to a Denial of Service attack. Users of affected HoloLens devices may experience significant interruptions as a result of this issue.

Affected Version(s)

HoloLens HoloLens 1 10 <= 10.0.17763.3046

HoloLens HoloLens 2 10 <= 10.0.22621.1244

References

https://github.com/tania-silva/Hololens

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 6, 2025
Vulnerability Reserved
Feb 20, 2025