Main Vulnerability Database Vulnerabilities #VU95899

Missing Authentication for Critical Function in Windows and Windows Server - CVE-2024-38143

Published: August 13, 2024

Vulnerability identifier: #VU95899

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-38143

CWE-ID: CWE-306

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
Windows
Windows Server

Detailed vulnerability description

The vulnerability allows a local attacker to compromise the target system.

The vulnerability exists due to missing authentication for critical function in Windows WLAN AutoConfig Service. An attacker with physical access can gain access to sensitive information on the system.

How to mitigate CVE-2024-38143

Install updates from vendor's website.

Sources

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38143

Missing Authentication for Critical Function in Windows and Windows Server - CVE-2024-38143

Detailed vulnerability description

How to mitigate CVE-2024-38143

Sources

Please verify you're human