CVERadar

CVE-2024-49113

Critical Severity
Microsoft
SVRS: 78/100
CVSSv3: 7.5/10
EPSS: 0.88204/1

CVE-2024-49113 is a Denial of Service vulnerability affecting Windows Lightweight Directory Access Protocol (LDAP). This LDAP vulnerability could allow attackers to disrupt services by overwhelming the system. While the CVSS score is 7.5, SOCRadar's Vulnerability Risk Score (SVRS) is 78, signaling a serious threat needing prompt attention. The vulnerability is currently being exploited in the wild, and active exploits are available. Successful exploitation could lead to server downtime and impact business operations. It is crucial to apply the necessary patches provided in the vendor advisory and monitor systems for suspicious LDAP activity to mitigate potential risks. Because exploits are available, the vulnerability is an elevated risk.

In The Wild
Exploit Available
Vendor-advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
2025-03-11

2024-12-10
SOCRadar
AI Insight

Description

CVE-2024-49113 is a recently disclosed vulnerability with an unknown description at this time. While the CVSS score is 0, indicating a lack of readily available information, the SOCRadar Vulnerability Risk Score (SVRS) is 64, placing it in the Moderate range. This suggests a potential for significant impact, warranting immediate attention.

Key Insights

  • In The Wild: This vulnerability is actively being exploited by hackers in real-world attacks.
  • Exploit Available: Proof-of-concept exploits have been publicly released, making it easier for malicious actors to leverage this vulnerability.
  • Unknown Description: The lack of a description currently makes it difficult to determine the specific impact of this vulnerability and the systems affected. This highlights the urgency of obtaining more information to fully understand its potential consequences.

Mitigation Strategies

  1. Immediate Patching: Apply available patches or updates as soon as possible to address the vulnerability. This is the most crucial step to prevent exploitation.
  2. Network Segmentation: Isolate vulnerable systems from the rest of the network to limit the potential impact of a successful exploit.
  3. Intrusion Detection/Prevention Systems (IDS/IPS): Configure your IDS/IPS to detect and block known exploits targeting this vulnerability.
  4. Security Awareness Training: Educate users about the risks of clicking on suspicious links or opening malicious attachments, as social engineering can be used to exploit this vulnerability.

Additional Information: If users have additional queries regarding this incident, they can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information if necessary.

Indicators of Compromise


Exploits

Title | Software Link | Date
0xMetr0/metasploit-ldapnightmare | https://github.com/0xMetr0/metasploit-ldapnightmare | 2025-02-15
SafeBreach-Labs/CVE-2024-49113 | https://github.com/SafeBreach-Labs/CVE-2024-49113 | 2025-01-01

News

6th January– Threat Intelligence Report
For the latest discoveries in cyber research for the week of 6th January, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Check Point elaborated on the US Treasury Department cyber-attack that compromised employee workstations and classified documents. The breach, attributed to a China state-sponsored threat actor, involved unauthorized remote access using a security […] The post 6th January– Threat Intelligence Report appeared first on Check Point
cve-2024-12686
cve-2024-12356
cve-2024-49113
cve-2024-12108

Micropatches Released for Windows "LDAPNightmare" Denial of Service Vulnerability (CVE-2024-49113)
Mitja Kolsek, 2025-03-01
December 2024 Windows Updates brought a patch for CVE-2024-49113
blogspot.com

What We Know About CVE-2024-49112 and CVE-2024-49113
2025-03-01
This blog entry provides an overview of CVE-2024-49112 and CVE-2024-49113 and includes information that IT and SOC professionals need to know to stay protected against possible exploitation.
trendmicro.com

Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit
Sarah Pearl Camiling, 2025-03-01
Our blog entry discusses a fake PoC exploit for LDAPNightmare (CVE-2024-49113) that is being used to distribute information-stealing malware.
trendmicro.com

The December 2024 Security Update Review
Dustin Childs, 2025-02-01
We have made it to the end of the year and the final Patch Tuesday of 2024. As expected, Microsoft and Adobe have released what (hopefully) will be their last patches of the year. Take a break from your holiday preparations and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here: Adobe Patches for December 2024
zerodayinitiative.com

Malicious GitHub PoC Exploit Spreads Infostealer Malware
Shruti Jain, 2025-01-17
A malicious GitHub repository disguises a proof-of-concept (PoC) exploit for CVE-2024-49113, also known as "LDAPNightmare," delivering infostealer malware that sends sensitive data to an external FTP server. Disguised as a legitimate PoC, the
blogger.com

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 28
Pierluigi Paganini, 2025-01-12
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Finding Malware: Unveiling PLAYFULGHOST with Google Security Operations; Scam Sniffer 2024: Web3 Phishing Attacks – Wallet Drainers Drain $494 Million; EAGERBEE, with updated and novel components, targets the Middle East; Gayfemboy: A Botnet Deliver Through a […]
securityaffairs.co

Social Media

Hey #Cybersecurity pros! Is your server partying like it's 1999 with the LDAPNightmare? 😱 Courtesy of CVE-2024-49113. But don’t panic — @Microsoft has your back with the latest patch 🛡️ Don’t delay, update today! #Infosec #WindowsServer #ThreatMitigation @guhe120 https://t.co/RT0F5xtU7h
Beware of fake #PoC exploits! Our recent blog uncovers how CVE-2024-49113 is being leveraged to distribute information-stealing malware. Follow this link to understand the tactics used by attackers and how to safeguard your environment: ⬇️ https://t.co/KCAuq4WJ5x
🧵 Thread: 1/ ❓ How can attackers exploit CVE-2024-49112 and CVE-2024-49113? These vulnerabilities can be used to compromise your system. https://t.co/LS6Bei0cmR
3/ 🔗 CVE-2024-49113 This vulnerability uses an exploit chain that begins with sending a DCE/RPC request to the server, causing a system lockup and resulting in a forced reboot.
🧵 Thread: 1/ ❓ How can attackers exploit CVE-2024-49112 and CVE-2024-49113? These vulnerabilities could be used to compromise your system https://t.co/QmfekMQjlc
3/ 🔗 CVE-2024-49113 This vulnerability uses an exploit chain that begins with sending a DCE/RPC request to the server, which causes a system lockup and ends in a forced reboot.
CVE-2024-49112 is under scrutiny after a typographical error mislabeling it as CVE-2024-49113 enabled a spoof GitHub repository. Beware of potential malware data collection & FTP risks! 🔒🐱‍💻 #GitHubSecurity #MalwareAlert #USA link: https://t.co/weGhHKgEYB https://t.co/Sd2WMUPbR9
Beware of fake #PoC exploits! Our latest blog uncovers how CVE-2024-49113 is being leveraged to distribute information-stealing malware. Follow this link to understand the tactics used by attackers and how to safeguard your environment:⬇️ https://t.co/KCAuq4WJ5x
Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit | Trend Micro (US) https://t.co/692RAyHIZW
The recently discovered LDAPNightmare exploit (CVE-2024-49113) can disrupt your critical Windows infrastructure. Get your comprehensive guide to: 1. Understanding LDAPNightmare 2. Detecting the vulnerability 3. Defending against potential attacks https://t.co/sffA0LF8tG https://t.co/CyMwVeaC6r

Affected Software

Configuration 1
Type | Vendor | Product
OS | Microsoft | windows_10_1507
OS | Microsoft | windows_10_1607
OS | Microsoft | windows_10_1809
OS | Microsoft | windows_10_21h2
OS | Microsoft | windows_server_2022
OS | Microsoft | windows_server_2016
OS | Microsoft | windows_11_22h2
OS | Microsoft | windows_server_2019
OS | Microsoft | windows_server_2008
OS | Microsoft | windows_10_22h2
OS | Microsoft | windows_server_2012
OS | Microsoft | windows_server_2022_23h2
OS | Microsoft | windows_11_24h2

References

Reference | Link
[email protected] | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49113
WINDOWS LIGHTWEIGHT DIRECTORY ACCESS PROTOCOL (LDAP) DENIAL OF SERVICE VULNERABILITY | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49113

CWE Details

CWE ID | CWE Name | Description
CWE-125 | Out-of-bounds Read | The software reads data past the end, or before the beginning, of the intended buffer.
