CVE-2024-49138 | Attaxion

CISA Known Exploited Vulnerability (KEV)

Name

Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability

Exploit added

December 10, 2024

Action due

December 31, 2024

Action required

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Description

Windows Common Log File System Driver Elevation of Privilege Vulnerability

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49138

Weakness Enumeration

CWE-ID	CWE Name
CWE-122	Heap-based Buffer Overflow

Known Affected Software Configurations

cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7428:::::::*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2966:::::::*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7606:::::::*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2201:::::::*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.6659:::::::*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.6414:::::::*
cpe:2.3:o:microsoft:windows_server_2022:10.0.20348.2762:::::::*
cpe:2.3:o:microsoft:windows_server_2022_23h2:10.0.25398.1308:::::::*
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7428::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5247::::::arm64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5247::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7606::::::x64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.6414::::::x64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20857::::::x86:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20796::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5011::::::x64:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.6659::::::x86:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19041.3920::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19041.3920::::::x86:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20857::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5247::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19045.5247::::::x86:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.7606::::::x86:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.6659::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19041.3920::::::x86:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5247::::::x86:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5011::::::x64:
cpe:2.3:o:microsoft:windows_10_22h2:10.0.19041.3920::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.5247::::::arm64:
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.6532::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.6293::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.6189::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4770::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.5696::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.5820::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.5458::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.4737::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6351::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.4974::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.4645::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4886::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.3406::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.3770::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.3165::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2565::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.3046::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2452::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2237::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.1999::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2114::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7515::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7336::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7159::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2183::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7070::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4946::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6085::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6452::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4583::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6897::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4530::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4467::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5582::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.6054::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5648::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5501::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.5576::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.5936::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.5122::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5850::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5427::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4651::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.4851::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6167::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.3532::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.3650::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.3287::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.3887::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2803::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2928::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2300::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.4252::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.2061::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5246::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5192::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.7259::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5356::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5291::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5125::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6796::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.6981::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.5066::::standard::x64:*
cpe:2.3:o:microsoft:windows_server_2016:10.0.14393.4704::::standard::x64:*
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.6897::::::x64:
cpe:2.3:o:microsoft:windows_10_1607:10.0.14393.6897::::::x86:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.5576::::::x64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20596::::::x64:
cpe:2.3:o:microsoft:windows_10_1507:10.0.10240.20596::::::x86:
cpe:2.3:o:microsoft:windows_10_1809:10.0.17763.5122::::::x64:
cpe:2.3:o:microsoft:windows_10_21h2:10.0.19044.4291::::::arm64:

Details

Source:
NVD

Published:
December 12, 2024

Updated:
December 13, 2024

Risk information

CVSS v3

Base score:
7.8

Severity:

HIGH

Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2

Not defined