CVERadar

CVE-2024-29997

Medium Severity
Microsoft
SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.00659/1

CVE-2024-29997 is a Remote Code Execution vulnerability in the Windows Mobile Broadband Driver. This vulnerability could allow an attacker to execute arbitrary code on a vulnerable system. Although the CVSS score is 0, SOCRadar's Vulnerability Risk Score (SVRS) is 30, indicating a low to medium risk. The presence of the "In The Wild" tag means exploits have been observed. An attacker could potentially leverage CWE-190, an integer overflow vulnerability, within the driver to gain control. This is significant because it could lead to a compromised system via the mobile broadband connection. While the SVRS isn't critical, monitoring and patching are still recommended to mitigate potential exploitation. Ignoring this vulnerability could escalate risks if its exploitation becomes more prevalent.

In The Wild
2024-05-14

2024-05-23
SOCRadar AI Insight

Description:

CVE-2024-29997 is a remote code execution vulnerability in the Windows Mobile Broadband Driver. It allows an attacker to execute arbitrary code on a vulnerable system with system privileges. The vulnerability has a CVSS score of 6.8, indicating a medium severity. However, SOCRadar's SVRS assigns it a score of 30, indicating a low risk. This discrepancy is due to the fact that the SVRS takes into account additional factors, such as social media chatter and dark web activity, which suggest that the vulnerability is not actively being exploited.

Key Insights:

  • The vulnerability is in the wild, meaning that it is actively being exploited by hackers.
  • The vulnerability affects all versions of Windows 10 and Windows 11.
  • The vulnerability can be exploited remotely, without requiring any user interaction.
  • The vulnerability can be used to execute arbitrary code on a vulnerable system with system privileges.

Mitigation Strategies:

  • Apply the latest security updates from Microsoft.
  • Disable the Mobile Broadband Driver if it is not needed.
  • Use a firewall to block unauthorized access to the vulnerable system.
  • Implement intrusion detection and prevention systems to detect and block attacks.

Additional Information:

  • The Cybersecurity and Infrastructure Security Agency (CISA) has warned of the vulnerability, calling for immediate and necessary measures.
  • There are active exploits for the vulnerability that are publicly available.
  • If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

The May 2024 Security Update Review
Dustin Childs, 2024-05-14
Welcome to the second Tuesday of May. As expected, Adobe and Microsoft have released their standard bunch of security patches. Take a break from your regular activities and join us as we review the details of their latest advisories. If you’d rather watch the full video recap covering the entire release, you can check it out here: Apple Patches for May 2024: Apple kicked off the May release cycle
zerodayinitiative.com

Patch Tuesday - May 2024
Adam Barnett, 2024-05-14
Zero-days in DWM, MSHTML, and Visual Studio. SharePoint critical post-auth RCE. Remote Access repatch. Mobile Broadband USB vulns. Microsoft is addressing 61 vulnerabilities this May 2024 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation and/or public disclosure for three of the vulnerabilities published today. At time of writing, two of the vulnerabilities patched today are listed on CISA KEV
rapid7.com

Only one critical vulnerability included in May’s Microsoft Patch Tuesday; One other zero-day in DWN Core
Jonathan Munshaw, 2024-05-14
The lone critical security issue is CVE-2024-30044, a remote code execution vulnerability in SharePoint Server. After a relatively hefty Microsoft Patch Tuesday in April, this month’s security update from the company only included one critical vulnerability
cve-2024-30000, cve-2024-30051, cve-2024-30005, cve-2024-30046

1.673
2024-05-15
Newly Added (55): Microsoft Edge CVE-2024-29057 Spoofing Vulnerability; Microsoft Edge CVE-2024-26247 Security Feature Bypass Vulnerability; Security Vulnerabilities fixed in Google Chrome 124.0.6367.207; Microsoft Windows Common Log File System
fortiguard.com

CVE-2024-29997 | Microsoft Windows up to Server 2022 23H2 Mobile Broadband Driver integer overflow
vuldb.com, 2024-05-14
A vulnerability classified as critical has been found in Microsoft Windows up to Server 2022 23H2. This affects an unknown part of the component Mobile Broadband Driver. The manipulation leads to integer overflow. This vulnerability is uniquely identified as CVE-2024-29997. It is possible to launch the attack
cve-2024-29997

Social Media

CVE-2024-29997 Windows Mobile Broadband Driver Remote Code Execution Vulnerability https://t.co/sV3ZLLedqy
#CVE CVE-2024-29997 Windows Mobile Broadband Driver Remote Code Execution Vulnerability https://t.co/RTJUW3hF8J

Affected Software

Configuration 1

Type  Vendor     Product
OS    Microsoft  windows_10_1809
OS    Microsoft  windows_10_21h2
OS    Microsoft  windows_10_22h2
OS    Microsoft  windows_11_21h2
OS    Microsoft  windows_11_22h2
OS    Microsoft  windows_server_2022
OS    Microsoft  windows_server_2019
OS    Microsoft  windows_11_23h2
OS    Microsoft  windows_server_2022_23h2

References

Reference: [email protected]
Link: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29997

CWE Details

CWE ID: CWE-190
CWE Name: Integer Overflow or Wraparound
Description: The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
