CVE-2024-49111
published 2024-12-12CVE-2024-49111: Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
PriorityP429medium6.6CVSS 3.1
AVPACLPRLUINSUCHIHAH
EPSS
0.79%
51.3th percentile
Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
Affected
35 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_10_1809 | < 10.0.17763.6659 | 10.0.17763.6659 |
| microsoft | windows_10_21h2 | < 10.0.19044.5247 | 10.0.19044.5247 |
| microsoft | windows_10_22h2 | < 10.0.19045.5247 | 10.0.19045.5247 |
| microsoft | windows_10_version_1809 | >= 10.0.17763.0 < 10.0.17763.6659 | 10.0.17763.6659 |
| microsoft | windows_10_version_21h2 | >= 10.0.19043.0 < 10.0.19044.5247 | 10.0.19044.5247 |
| microsoft | windows_10_version_22h2 | >= 10.0.19045.0 < 10.0.19045.5247 | 10.0.19045.5247 |
| microsoft | windows_11_22h2 | < 10.0.22621.4602 | 10.0.22621.4602 |
| microsoft | windows_11_23h2 | < 10.0.22631.4602 | 10.0.22631.4602 |
| microsoft | windows_11_24h2 | < 10.0.26100.2605 | 10.0.26100.2605 |
| microsoft | windows_11_version_22h2 | >= 10.0.22621.0 < 10.0.22621.4602 | 10.0.22621.4602 |
| microsoft | windows_11_version_22h3 | >= 10.0.22631.0 < 10.0.22631.4602 | 10.0.22631.4602 |
| microsoft | windows_11_version_23h2 | >= 10.0.22631.0 < 10.0.22631.4602 | 10.0.22631.4602 |
| microsoft | windows_11_version_24h2 | >= 10.0.26100.0 < 10.0.26100.2605 | 10.0.26100.2605 |
| microsoft | windows_server_2019 | < 10.0.17763.6659 | 10.0.17763.6659 |
| microsoft | windows_server_2019 | >= 10.0.17763.0 < 10.0.17763.6659 | 10.0.17763.6659 |
| microsoft | windows_server_2022_23h2 | < 10.0.25398.1308 | 10.0.25398.1308 |
| microsoft | windows_server_2025 | < 10.0.26100.2605 | 10.0.26100.2605 |
| microsoft | windows_server_2025 | >= 10.0.26100.0 < 10.0.26100.2605 | 10.0.26100.2605 |
| msrc | windows_10_version_1809_for_32-bit_systems | — | — |
| msrc | windows_10_version_1809_for_x64-based_systems | — | — |
| msrc | windows_10_version_21h2_for_32-bit_systems | — | — |
| msrc | windows_10_version_21h2_for_arm64-based_systems | — | — |
| msrc | windows_10_version_21h2_for_x64-based_systems | — | — |
| msrc | windows_10_version_22h2_for_32-bit_systems | — | — |
| msrc | windows_10_version_22h2_for_arm64-based_systems | — | — |
CVSS provenance
nvdv3.16.6MEDIUMCVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_msrc6.6MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-q39m-4pxm-4x89: Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
ghsa_unreviewed·2024-12-12
CVE-2024-49111 [MEDIUM] CWE-125 GHSA-q39m-4pxm-4x89: Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
Microsoft
Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
vendor_msrc·2024-12-10·CVSS 6.6
CVE-2024-49111 [MEDIUM] CWE-125 Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability
FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability?
To exploit this vulnerability, an attacker needs physical access to the victim's machine.
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
Windows Wireless Wide Area Network Service: Windows Wireless Wide Area Network Service
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;DOS:N/A
Reference: https://catalog.update.micro
No detection rules found.
No public exploits indexed.
2024-12-12
Published