CVE-2024-43571: Sudo for Windows Spoofing Vulnerability

Overview

Severity

Medium (CVSS 5.6)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C

Category

Spoofing

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2024-Oct

Released

2024-10-08

EPSS Score

0.38% (percentile: 59.5%)

FAQ

According to the CVSS metric, user interaction is required (UI:R) and privileges required are low (PR:L). What does that mean for this vulnerability? An authenticated attacker must launch a specially crafted malicious application and wait for the victim to perform a command in a console window for the vulnerability to be exploited.

Affected Products (2)

Windows

• Windows 11 Version 24H2 for ARM64-based Systems
• Windows 11 Version 24H2 for x64-based Systems

Security Updates (1)

• 5044284

Acknowledgments

<a href="https://www.linkedin.com/in/micrictor/">Michael Torres</a>

Revision History

• 2024-10-08: Information published.