Attacker Value

Unknown

(1 user assessed)

Exploitability

Unknown

(1 user assessed)

User Interaction

None

Privileges Required

Low

Attack Vector

Local

CVE-2024-38134

Disclosure Date: August 13, 2024 •

CVE-2024-38134 CVSS v3 Base Score: 7.8

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Persistence

Techniques

Validation

Boot or Logon Initialization Scripts: Logon Script (Mac)

Validated

Description

Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability

Add Assessment

duongnhatlinh (1)

January 17, 2025 12:23am UTC (1 month ago)•Edited 4 weeks ago

Ratings

Vulnerable in default configuration

Technical Analysis

hello world

See More &1 replySee Less

ccondon-r7 (286) January 22, 2025 7:48pm UTC (4 weeks ago)

Hi there, @duongnhatlinh! Please ensure you’re providing substantive commentary or assessments on CVEs in AttackerKB. Thanks!

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

7.8 High

Impact Score:

5.9

Exploitability Score:

1.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

General Information

Offensive Application

Unknown

Utility Class

Unknown

Ports

Unknown

Vulnerable Versions

Windows 11 Version 24H2 10.0.26100.1457

Windows 10 Version 1809 10.0.17763.6189

Windows Server 2019 10.0.17763.6189

Windows Server 2019 (Server Core installation) 10.0.17763.6189

Windows Server 2022 10.0.20348.2655

Windows 11 version 21H2 10.0.22000.3147

Windows 10 Version 21H2 10.0.19044.4780

Windows 11 version 22H2 10.0.22621.4037

Windows 10 Version 22H2 10.0.19045.4780

Windows 11 version 22H3 10.0.22631.4037

Windows 11 Version 23H2 10.0.22631.4037

Windows Server 2022, 23H2 Edition (Server Core installation) 10.0.25398.1085

Windows 10 Version 1507 10.0.10240.20751

Windows 10 Version 1607 10.0.14393.7259

Windows Server 2016 10.0.14393.7259

Windows Server 2016 (Server Core installation) 10.0.14393.7259

Windows Server 2008 Service Pack 2 6.0.6003.22825

Windows Server 2008 Service Pack 2 (Server Core installation) 6.0.6003.22825

Windows Server 2008 Service Pack 2 6.0.6003.22825

Windows Server 2008 R2 Service Pack 1 6.1.7601.27277

Windows Server 2008 R2 Service Pack 1 (Server Core installation) 6.1.7601.27277

Windows Server 2012 R2 6.3.9600.22134

Windows Server 2012 R2 (Server Core installation) 6.3.9600.22134

Prerequisites

Unknown

Discovered By

Unknown

PoC Author

Unknown

Metasploit Module

Unknown

Reporter

Unknown

Vendors

microsoft

Products

References

Canonical

CVE-2024-38134 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-38134)

Miscellaneous

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38134

Rapid7

Unknown

CVE-2024-38134

Unknown

Unknown

None

Low

Local

CVE-2024-38134

Description

Add Assessment

Ratings

Technical Analysis

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification