PT-2024-3001 · Microsoft · Windows Cryptographic Services+1

Erik Egsgard

Published

2024-04-09

Updated

2025-01-16

CVE-2024-29050

CVSS v3.1

8.4

High

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Windows Cryptographic Services (affected versions not specified)

Description The issue is related to insufficient input validation in Windows Cryptographic Services, which can be exploited to execute arbitrary code. This allows remote attackers to affect the system. There are reports of potential exploitation, but details about the estimated number of affected devices or real-world incidents are not provided.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-197CWE-20CWE-295

Related Identifiers

BDU:2024-03181

CVE-2024-29050

Affected Products

Windows

Windows Cryptographic Services

PT-2024-3001 · Microsoft · Windows Cryptographic Services+1

CVE-2024-29050

Weakness Enumeration

Related Identifiers

Affected Products

References · 18