CVERadar

CVE-2024-43468

Critical Severity
Microsoft
SVRS: 96/100
CVSSv3: 9.8/10
EPSS: 0.73152/1

CVE-2024-43468 is a critical Remote Code Execution vulnerability in Microsoft Configuration Manager. This flaw allows attackers to execute arbitrary code on affected systems.

With a SOCRadar Vulnerability Risk Score (SVRS) of 96, CVE-2024-43468 requires immediate attention. The high SVRS is influenced by factors such as active exploits being available and the vulnerability being observed "In The Wild". Categorized under CWE-89, the vulnerability poses a significant threat because successful exploitation grants attackers full control over compromised systems. Organizations using Microsoft Configuration Manager should apply the vendor-supplied patch urgently to prevent potential data breaches and system compromise.

In The Wild
Exploit Available
Vendor-advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
2024-10-08
2025-01-29
SOCRadar AI Insight

Description

CVE-2024-43468 is a critical vulnerability in Microsoft Configuration Manager that allows remote code execution. The vulnerability is caused by an improper validation of input in the Configuration Manager client. An attacker could exploit this vulnerability by sending a specially crafted message to a vulnerable client, which could allow the attacker to execute arbitrary code on the client system.

Key Insights

  • The CVSS score of 9.8 indicates that this vulnerability is critical and should be addressed immediately.
  • The SVRS score of 30 indicates that this vulnerability is not as severe as other vulnerabilities with higher SVRS scores.
  • There are no known active exploits for this vulnerability.
  • CISA has not issued a warning for this vulnerability.

Mitigation Strategies

  • Apply the latest security updates from Microsoft.
  • Disable the Configuration Manager client service.
  • Block access to the vulnerable ports.
  • Use a firewall to block unauthorized access to the network.

Additional Information

If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise

No IOCs found for this CVE

Exploits

Title | Software Link | Date
nikallass/CVE-2024-43468_mTLS_go | https://github.com/nikallass/CVE-2024-43468_mTLS_go | 2025-01-17

News

Weekly Cybersecurity Update: Recent Cyber Attacks, Vulnerabilities, and Data Breaches
Guru Baran, 2025-01-26
Welcome to this week’s Cybersecurity Newsletter, where we bring you the latest updates and key insights from the ever-evolving world of cybersecurity. In today’s fast-paced digital environment, staying informed is crucial, and our goal is to provide you with the most relevant information to navigate these challenges effectively. This edition focuses on emerging threats and […]
cybersecuritynews.com
Microsoft Configuration Manager Vulnerability Allows Remote Code Execution – PoC Released
Guru Baran, 2025-01-20
A critical vulnerability, CVE-2024-43468, has been identified in Microsoft Configuration Manager (ConfigMgr), posing a severe security risk to organizations relying on this widely used systems management software. Rated with a CVSS score of 9.8, the vulnerability allows unauthenticated attackers to execute remote code on affected systems, potentially leading to complete system compromise. CVE-2024-43468 stems from […]
cybersecuritynews.com
Microsoft Configuration Manager (ConfigMgr / SCCM) 2403 Unauthenticated SQL injections (CVE-2024-43468)
/u/AlmondOffSec, 2025-01-16
reddit.com
CVE-2024-43468 | Microsoft Configuration Manager sql injection
vuldb.com, 2025-01-10
A vulnerability, which was classified as very critical, was found in Microsoft Configuration Manager. This affects an unknown part. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2024-43468. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com
14th October – Threat Intelligence Report
lorenf, 2024-12-02
For the latest discoveries in cyber research for the week of 14th October, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Nonprofit healthcare organization Axis Health System has been hit by a ransomware attack by the Rhysida gang, leading to the theft of sensitive data, including mental health and substance abuse records. Rhysida […]
checkpoint.com
The October 2024 Security Update Review
Dustin Childs, 2024-12-02
It’s the spooky season, and there’s nothing spookier than security patches – at least in my world. Microsoft and Adobe have released their latest patches, and no bones about it, there are some skeletons in those closets. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here: Adobe Patches for
zerodayinitiative.com
Tripwire Patch Priority Index for October 2024 - tripwire.com
2024-11-05
Tripwire's October 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. First on the list are patches for Microsoft Edge, Office, Excel, and Visio that resolve remote code execution, elevation of privilege, and spoofing vulnerabilities. Next are patches that affect components of the core Windows operating system. These patches resolve over 80 vulnerabilities, including elevation of privilege, information disclosure, security feature bypass, denial of service, and remote code execution vulnerabilities. These
google.com

Social Media

Microsoft Configuration Manager (ConfigMgr) 2403 Unauthenticated SQL injections #MicrosoftConfigurationManager #UnauthenticatedSQL #CriticalVulnerability #CVE-2024-43468 #RemoteCodeExecution https://t.co/ufuoPtTZjz
🚨 RCE in #Microsoft #ConfigMgr (CVE-2024-43468)! Unauthenticated attackers could execute commands via SQL injection in MP_Location service. Public exploits are on GitHub, no wild exploitation yet. ➡️ https://t.co/PUQqgBw62U https://t.co/UhUTxepqW3
A critical SQL injection vulnerability (CVE-2024-43468) in Microsoft Configuration Manager could allow unauthenticated attacks to execute arbitrary commands. Patches released—urgent implementation needed! 🚨 #Microsoft #SQLInjection link: https://t.co/Qd3yIo1WOl https://t.co/0vR1AG8xSt
⚠️ CVE-2024-43468: PoC of a critical exploit in Microsoft Configuration Manager (CVSS 9.8) comes to light! https://t.co/PrL7Cx0sUK
Critical Security Vulnerability in Microsoft Configuration Manager: CVE-2024-43468 https://t.co/t8IlkwxDAw
CVE-2024-43468 (CVSS 9.8): Microsoft Configuration Manager Exploit Revealed with PoC Code - https://t.co/9kbxh7gtst
CVE-2024-43468 (CVSS 9.8): Microsoft Configuration Manager Exploit Revealed with PoC Code https://t.co/Hy5eLQmQnv
CVE-2024-43468 (CVSS 9.8): Microsoft Configuration Manager Exploit Revealed with PoC Code https://t.co/S6CV1y9606
CVE-2024-43468 (CVSS 9.8): Microsoft Configuration Manager Exploit Revealed with PoC Code https://t.co/JK4hM2Nkcl "The vulnerability resides in the MP_Location service, which processes messages sent by clients to the Microsoft Configuration Manager."
Microsoft Configuration Manager Exploit Revealed with PoC Code Discover the technical details and PoC of CVE-2024-43468 (CVSS 9.8), a critical vulnerability in Microsoft Configuration Manager. Learn how attackers can exploit SQL injection vulnerabilities https://t.co/EG4lx6gf8d

Affected Software

Configuration 1
Type | Vendor | Product
App | Microsoft | configuration_manager

References

Reference | Link
[email protected] | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43468
MICROSOFT CONFIGURATION MANAGER REMOTE CODE EXECUTION VULNERABILITY | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43468

CWE Details

CWE ID | CWE Name | Description
CWE-89 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
