Multiple vulnerabilities in Microsoft Windows Mobile Broadband Driver



Risk Low
Patch available YES
Number of vulnerabilities 15
CVE-ID CVE-2024-43555
CVE-2024-43540
CVE-2024-43561
CVE-2024-43543
CVE-2024-43526
CVE-2024-43559
CVE-2024-43525
CVE-2024-43542
CVE-2024-43538
CVE-2024-43537
CVE-2024-43524
CVE-2024-43536
CVE-2024-43557
CVE-2024-43558
CVE-2024-43523
CWE-ID CWE-125
CWE-20
CWE-601
CWE-476
CWE-908
CWE-118
Exploitation vector Local network
Public exploit N/A
Vulnerable software
Windows
Operating systems & Components / Operating system

Windows Server
Operating systems & Components / Operating system

Vendor Microsoft

Security Bulletin

This security bulletin contains information about 15 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU98155

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43555

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in the Windows Mobile Broadband Driver. A remote attacker on the local network can trigger an out-of-bounds read error and cause a denial of service condition on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: before 10 21H2 10.0.19044.5011, 10 22H2 10.0.19045.5011, 10 1607 10.0.14393.7428, 10 1809 10.0.17763.6414, 11 21H2 10.0.22000.3260, 11 22H2 10.0.22621.4317, 11 23H2 10.0.22631.4317, 11 24H2 10.0.26100.2033, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011

Windows Server: before 2022 23H2 10.0.25398.1189

CPE2.3 External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-43555


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU98169

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43540

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in Windows Mobile Broadband Driver. A remote attacker on the local network can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: before 10 21H2 10.0.19044.5011, 10 22H2 10.0.19045.5011, 10 1607 10.0.14393.7428, 10 1809 10.0.17763.6414, 11 21H2 10.0.22000.3260, 11 22H2 10.0.22621.4317, 11 23H2 10.0.22631.4317, 11 24H2 10.0.26100.2033, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011

Windows Server: before 2022 23H2 10.0.25398.1189

CPE2.3
External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-43540


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU98168

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43561

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in Windows Mobile Broadband Driver. A remote attacker on the local network can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: before 10 21H2 10.0.19044.5011, 10 22H2 10.0.19045.5011, 10 1607 10.0.14393.7428, 10 1809 10.0.17763.6414, 11 21H2 10.0.22000.3260, 11 22H2 10.0.22621.4317, 11 23H2 10.0.22631.4317, 11 24H2 10.0.26100.2033, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011

Windows Server: before 2022 23H2 10.0.25398.1189

CPE2.3
External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-43561


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Open redirect

EUVDB-ID: #VU98167

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43543

CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Exploit availability: No

Description

The vulnerability allows a local attacker to redirect victims to arbitrary URL.

The vulnerability exists due to improper sanitization of user-supplied data in Windows Mobile Broadband Driver. An attacker with physical access can plug in a malicious USB drive and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: before 10 21H2 10.0.19044.5011, 10 22H2 10.0.19045.5011, 10 1607 10.0.14393.7428, 10 1809 10.0.17763.6414, 11 21H2 10.0.22000.3260, 11 22H2 10.0.22621.4317, 11 23H2 10.0.22631.4317, 11 24H2 10.0.26100.2033, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011

Windows Server: before 2022 23H2 10.0.25398.1189

CPE2.3
External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-43543


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU98166

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43526

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in Windows Mobile Broadband Driver. An attacker with physical access can plug in a malicious USB drive and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: before 10 21H2 10.0.19044.5011, 10 22H2 10.0.19045.5011, 10 1607 10.0.14393.7428, 10 1809 10.0.17763.6414, 11 21H2 10.0.22000.3260, 11 22H2 10.0.22621.4317, 11 23H2 10.0.22631.4317, 11 24H2 10.0.26100.2033, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011

Windows Server: before 2022 23H2 10.0.25398.1189

CPE2.3
External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-43526


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) NULL pointer dereference

EUVDB-ID: #VU98165

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43559

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in Windows Mobile Broadband Driver. A remote attacker on the local network can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: before 10 21H2 10.0.19044.5011, 10 22H2 10.0.19045.5011, 10 1607 10.0.14393.7428, 10 1809 10.0.17763.6414, 11 21H2 10.0.22000.3260, 11 22H2 10.0.22621.4317, 11 23H2 10.0.22631.4317, 11 24H2 10.0.26100.2033, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011

Windows Server: before 2022 23H2 10.0.25398.1189

CPE2.3
External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-43559


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Input validation error

EUVDB-ID: #VU98164

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43525

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in Windows Mobile Broadband Driver. An attacker with physical access can plug in a malicious USB drive and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: before 10 21H2 10.0.19044.5011, 10 22H2 10.0.19045.5011, 10 1607 10.0.14393.7428, 10 1809 10.0.17763.6414, 11 21H2 10.0.22000.3260, 11 22H2 10.0.22621.4317, 11 23H2 10.0.22631.4317, 11 24H2 10.0.26100.2033, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011

Windows Server: before 2022 23H2 10.0.25398.1189

CPE2.3
External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-43525


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Input validation error

EUVDB-ID: #VU98163

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43542

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in Windows Mobile Broadband Driver. A remote attacker on the local network can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: before 10 21H2 10.0.19044.5011, 10 22H2 10.0.19045.5011, 10 1607 10.0.14393.7428, 10 1809 10.0.17763.6414, 11 21H2 10.0.22000.3260, 11 22H2 10.0.22621.4317, 11 23H2 10.0.22631.4317, 11 24H2 10.0.26100.2033, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011

Windows Server: before 2022 23H2 10.0.25398.1189

CPE2.3
External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-43542


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Input validation error

EUVDB-ID: #VU98162

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43538

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in Windows Mobile Broadband Driver. A remote attacker on the local network can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: before 10 21H2 10.0.19044.5011, 10 22H2 10.0.19045.5011, 10 1607 10.0.14393.7428, 10 1809 10.0.17763.6414, 11 21H2 10.0.22000.3260, 11 22H2 10.0.22621.4317, 11 23H2 10.0.22631.4317, 11 24H2 10.0.26100.2033, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011

Windows Server: before 2022 23H2 10.0.25398.1189

CPE2.3
External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-43538


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Use of uninitialized resource

EUVDB-ID: #VU98161

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43537

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to usage of uninitialized resources in Windows Mobile Broadband Driver. A remote attacker on the local network can pass specially crafted data to the application, trigger uninitialized usage of resources and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: before 10 21H2 10.0.19044.5011, 10 22H2 10.0.19045.5011, 10 1607 10.0.14393.7428, 10 1809 10.0.17763.6414, 11 21H2 10.0.22000.3260, 11 22H2 10.0.22621.4317, 11 23H2 10.0.22631.4317, 11 24H2 10.0.26100.2033, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011

Windows Server: before 2022 23H2 10.0.25398.1189

CPE2.3
External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-43537


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Incorrect Access of Indexable Resource ('Range Error')

EUVDB-ID: #VU98160

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43524

CWE-ID: CWE-118 - Incorrect Access of Indexable Resource (\'Range Error\')

Exploit availability: No

Description

The vulnerability allows a local attacker to execute arbitrary code on the target system.

The vulnerability exists due to incorrect access of indexable resource. An attacker with physical access can plug in a malicious USB drive and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: before 10 21H2 10.0.19044.5011, 10 22H2 10.0.19045.5011, 10 1607 10.0.14393.7428, 10 1809 10.0.17763.6414, 11 21H2 10.0.22000.3260, 11 22H2 10.0.22621.4317, 11 23H2 10.0.22631.4317, 11 24H2 10.0.26100.2033, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011

Windows Server: before 2022 23H2 10.0.25398.1189

CPE2.3
External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-43524


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Open redirect

EUVDB-ID: #VU98159

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43536

CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Exploit availability: No

Description

The vulnerability allows a local attacker to redirect victims to arbitrary URL.

The vulnerability exists due to improper sanitization of user-supplied data in Windows Mobile Broadband Driver. An attacker with physical access can plug in a malicious USB drive and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: before 10 21H2 10.0.19044.5011, 10 22H2 10.0.19045.5011, 10 1607 10.0.14393.7428, 10 1809 10.0.17763.6414, 11 21H2 10.0.22000.3260, 11 22H2 10.0.22621.4317, 11 23H2 10.0.22631.4317, 11 24H2 10.0.26100.2033, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011

Windows Server: before 2022 23H2 10.0.25398.1189

CPE2.3
External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-43536


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Input validation error

EUVDB-ID: #VU98157

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43557

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in Windows Mobile Broadband Driver. A remote attacker on the local network can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: before 10 21H2 10.0.19044.5011, 10 22H2 10.0.19045.5011, 10 1607 10.0.14393.7428, 10 1809 10.0.17763.6414, 11 21H2 10.0.22000.3260, 11 22H2 10.0.22621.4317, 11 23H2 10.0.22631.4317, 11 24H2 10.0.26100.2033, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011

Windows Server: before 2022 23H2 10.0.25398.1189

CPE2.3
External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-43557


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Input validation error

EUVDB-ID: #VU98156

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43558

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the Windows Mobile Broadband Driver. A remote attacker on the local network can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: before 10 21H2 10.0.19044.5011, 10 22H2 10.0.19045.5011, 10 1607 10.0.14393.7428, 10 1809 10.0.17763.6414, 11 21H2 10.0.22000.3260, 11 22H2 10.0.22621.4317, 11 23H2 10.0.22631.4317, 11 24H2 10.0.26100.2033, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011

Windows Server: before 2022 23H2 10.0.25398.1189

CPE2.3
External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-43558


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Input validation error

EUVDB-ID: #VU98170

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2024-43523

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient validation of user-supplied input in Windows Mobile Broadband Driver. An attacker with physical access can plug in a malicious USB drive and execute arbitrary code on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Windows: before 10 21H2 10.0.19044.5011, 10 22H2 10.0.19045.5011, 10 1607 10.0.14393.7428, 10 1809 10.0.17763.6414, 11 21H2 10.0.22000.3260, 11 22H2 10.0.22621.4317, 11 23H2 10.0.22631.4317, 11 24H2 10.0.26100.2033, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011, 10 21H2 10.0.19044.5011

Windows Server: before 2022 23H2 10.0.25398.1189

CPE2.3
External links

http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-43523


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###