PT-2024-5703 · Microsoft · Windows Wlan Autoconfig Service+1

John Jackson

Published

2024-08-13

Updated

2025-02-06

CVE-2024-38143

CVSS v3.1

4.2

Medium

Vector

AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Windows WLAN AutoConfig Service (affected versions not specified)

Description An elevation-of-privilege issue allows attackers to affect the system. The issue is related to the lack of authentication for a critical function in the Windows WLAN AutoConfig Service. There is no information about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. Technical details about exploitation, such as specific API endpoints, vulnerable parameters, or function names, are not provided.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

BDU:2024-06416

CVE-2024-38143

Affected Products

Windows

Windows Wlan Autoconfig Service

PT-2024-5703 · Microsoft · Windows Wlan Autoconfig Service+1

CVE-2024-38143

Weakness Enumeration

Related Identifiers

Affected Products

References · 10