PT-2024-6848 · Microsoft · Simple Certificate Enrollment Protocol+1
Published
2024-10-08
·
Updated
2024-10-17
·
CVE-2024-43541
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Windows (affected versions not specified)
Microsoft Simple Certificate Enrollment Protocol (affected versions not specified)
Description
The issue is related to an uncontrolled resource consumption in the implementation of the Simple Certificate Enrollment Protocol (SCEP) in Windows operating systems. This can be exploited by a remote attacker to cause a denial of service.
Recommendations
For Windows, consider restricting access to the SCEP protocol until a patch is available.
As a temporary workaround, consider disabling the SCEP protocol to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
Resource Exhaustion
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Simple Certificate Enrollment Protocol
Windows