
CVE-2024-20697

High Severity
Microsoft
SVRS: 40/100
CVSSv3: NA/10
EPSS: 0.53545/1

CVE-2024-20697 is a Remote Code Execution vulnerability in Windows Libarchive, allowing attackers to potentially execute arbitrary code on affected systems. This vulnerability impacts the security of Windows systems, making it a significant concern for organizations.

While the CVSS score is 0, indicating a base score of none, the presence of the "In The Wild" tag suggests active exploitation. SOCRadar has assigned this CVE a Vulnerability Risk Score (SVRS) of 40. Although this score does not qualify as "critical" (SVRS > 80), which would call for immediate action, it warrants careful monitoring and patching. Successful exploitation could lead to complete system compromise, data breaches, and other severe security incidents. Given the possibility of exploitation, organizations should prioritize patching and implementing the recommended mitigations to reduce their attack surface. Monitoring the SVRS for any increase is also advisable.

In The Wild
2024-01-09

2024-10-08
SOCRadar AI Insight

Description

CVE-2024-20697 is a remote code execution vulnerability in Windows Libarchive. This vulnerability allows an attacker to execute arbitrary code on a target system by sending a specially crafted archive file. The vulnerability has a CVSS score of 7.3, indicating a high severity level. However, the SOCRadar Vulnerability Risk Score (SVRS) for this vulnerability is 0, indicating that it is not currently considered a critical threat.

Key Insights

  • This vulnerability affects all versions of Windows.
  • An attacker could exploit this vulnerability to gain complete control of a target system.
  • There are no known active exploits for this vulnerability.
  • The Cybersecurity and Infrastructure Security Agency (CISA) has not issued a warning about this vulnerability.

Mitigation Strategies

  • Apply the latest Windows security updates.
  • Disable the Windows Libarchive service.
  • Use a firewall to block access to the affected ports.
  • Implement intrusion detection and prevention systems.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

ZDI-24-1696: libarchive RAR File Parsing Integer Overflow Remote Code Execution Vulnerability
2024-12-19
ZDI-24-1696: libarchive RAR File Parsing Integer Overflow Remote Code Execution Vulnerability | This vulnerability allows remote attackers to execute arbitrary code on affected installations of libarchive. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2024-20697.
zerodayinitiative.com
CVE-2024-20697: Windows Libarchive Remote Code Execution Vulnerability
Trend Micro Research Team2024-04-17
CVE-2024-20697: Windows Libarchive Remote Code Execution Vulnerability | In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Guy Lederfein and Jason McFadyen of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in Microsoft Windows. This bug was originally discovered by the Microsoft Offensive Research & Security Engineering team. Successful exploitation could result in arbitrary code execution in the context of the application using the vulnerable library. The following is a portion of their write-up covering CVE-2024-20697, with a few minimal modifications.
Related CVEs: CVE-2024-20697
22nd April – Threat Intelligence Report
22nd April – Threat Intelligence Report | For the latest discoveries in cyber research for the week of 22nd April, please download our Threat_Intelligence Bulletin. TOP ATTACKS AND BREACHES MITRE Corporation disclosed a security event that occurred in January 2024. The attack, which is linked to Chinese APT group UNC5221, involved exploitation of two zero-day vulnerabilities in Ivanti VPN products. The attacker [...] The post 22nd April – Threat Intelligence Report appeared first on Check Point
Related CVEs: CVE-2024-24996, CVE-2023-5674, CVE-2023-0017, CVE-2024-20697
The January 2024 Security Update Review
Dustin Childs2024-01-09
The January 2024 Security Update Review | Welcome to the first patch Tuesday of 2024. As expected, Microsoft and Adobe have released their latest security patches. Take a break from your other activities and join us as we review the details of their latest advisories. If you'd rather watch the video recap, you can check it out here: Adobe Patches for January 2024 For January, Adobe released a single patch addressing six CVEs in
Related CVEs: CVE-2024-21307, CVE-2024-20700, CVE-2024-21313, CVE-2024-20696

Social Media

Security vulnerability CVE-2024-20697 in Windows 11 and Server 2022 fixed https://t.co/dsCYoUamre
The vulnerability CVE-2024-20697 primarily affects Windows 11 and Windows Server 2022. By exploiting this flaw, attackers can smuggle code onto servers and PCs and thereby compromise the network. https://t.co/zFGyobTTjz

Affected Software

Configuration 1

Type  Vendor     Product
OS    Microsoft  windows_11_22h2
OS    Microsoft  windows_server_2022_23h2
OS    Microsoft  windows_11_23h2

References

Reference links:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20697
https://github.com/advisories/GHSA-w6xv-37jv-7cjr
https://www.zerodayinitiative.com/blog/2024/4/17/cve-2024-20697-windows-libarchive-remote-code-execution-vulnerability
http://www.openwall.com/lists/oss-security/2024/06/04/2
http://www.openwall.com/lists/oss-security/2024/06/05/1

CWE Details

CWE ID: CWE-122
CWE Name: Heap-based Buffer Overflow
Description: A heap overflow condition is a buffer overflow where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
