CVE-2024-49089
published 2024-12-12CVE-2024-49089: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Affected
47 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1507 | < 10.0.10240.20857 | 10.0.10240.20857 |
| microsoft | windows_10_1607 | < 10.0.14393.7606 | 10.0.14393.7606 |
| microsoft | windows_10_1809 | < 10.0.17763.6659 | 10.0.17763.6659 |
| microsoft | windows_10_21h2 | < 10.0.19044.5247 | 10.0.19044.5247 |
| microsoft | windows_10_22h2 | < 10.0.19045.5247 | 10.0.19045.5247 |
| microsoft | windows_10_version_1507 | >= 10.0.10240.0 < 10.0.10240.20857 | 10.0.10240.20857 |
| microsoft | windows_10_version_1607 | >= 10.0.14393.0 < 10.0.14393.7606 | 10.0.14393.7606 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.6659 | 10.0.17763.6659 |
| microsoft | windows_10_version_21h2 | >= 10.0.19043.0 < 10.0.19044.5247 | 10.0.19044.5247 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.5247 | 10.0.19045.5247 |
| microsoft | windows_11_22h2 | < 10.0.22621.4602 | 10.0.22621.4602 |
| microsoft | windows_11_23h2 | < 10.0.22631.4602 | 10.0.22631.4602 |
| microsoft | windows_11_24h2 | < 10.0.26100.2605 | 10.0.26100.2605 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.4602 | 10.0.22621.4602 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.4602 | 10.0.22631.4602 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.4602 | 10.0.22631.4602 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.2605 | 10.0.26100.2605 |
| microsoft | windows_server_2008 | — | — |
| microsoft | windows_server_2008_r2_service_pack_1 | >= 6.1.7601.0 < 6.1.7601.27467 | 6.1.7601.27467 |
| microsoft | windows_server_2008_service_pack_2 | >= 6.0.6003.0 < 6.0.6003.23016 | 6.0.6003.23016 |
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2012 | >= 6.2.9200.0 < 6.2.9200.25222 | 6.2.9200.25222 |
| microsoft | windows_server_2012_r2 | >= 6.3.9600.0 < 6.3.9600.22318 | 6.3.9600.22318 |
| microsoft | windows_server_2016 | < 10.0.14393.7606 | 10.0.14393.7606 |
| microsoft | windows_server_2016 | >= 10.0.14393.0 < 10.0.14393.7606 | 10.0.14393.7606 |
GHSA
GHSA-w784-x6v6-q82v: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
ghsa_unreviewed·2024-12-12
CVE-2024-49089 [HIGH] CWE-122 GHSA-w784-x6v6-q82v: Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Microsoft
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
vendor_msrc·2024-12-10·CVSS 7.2
CVE-2024-49089 [HIGH] CWE-190 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?
To successfully exploit this vulnerability, an attacker or the targeted user would need to achieve a high level of control over a machine, as the attack requires access to processes typically restricted from average users.
Essentially, the exploitation necessitates elevated privileges on the compromised machine due to the requirement of manipulating processes beyond the reach of standard user permissions.
Windows Routing and Remote Access Service (RRAS): Windows Routing and Remote Access Service (RRAS)
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Remote Code Execution
Explo
No detection rules found.
No public exploits indexed.
2024-12-12
Published