CVE-2024-26248 | THREATINT

Home

Description

Windows Kerberos Elevation of Privilege Vulnerability

PUBLISHED Reserved 2024-02-15 | Published 2024-04-09 | Updated 2025-05-03 | Assigner microsoft

HIGH: 7.5CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Problem types

CWE-303: Incorrect Implementation of Authentication Algorithm

Product status

10.0.17763.0 (custom) before 10.0.17763.5696

affected

10.0.0 (custom) before 10.0.17763.5696

affected

10.0.17763.0 (custom) before 10.0.17763.5696

affected

10.0.17763.0 (custom) before 10.0.17763.5696

affected

10.0.20348.0 (custom) before 10.0.20348.2402

affected

10.0.0 (custom) before 10.0.22000.2899

affected

10.0.19043.0 (custom) before 10.0.19044.4291

affected

10.0.22621.0 (custom) before 10.0.22621.3447

affected

10.0.19045.0 (custom) before 10.0.19045.4291

affected

10.0.22631.0 (custom) before 10.0.22631.3447

affected

10.0.22631.0 (custom) before 10.0.22631.3447

affected

10.0.25398.0 (custom) before 10.0.25398.830

affected

10.0.10240.0 (custom) before 10.0.10240.20596

affected

10.0.14393.0 (custom) before 10.0.14393.6897

affected

10.0.14393.0 (custom) before 10.0.14393.6897

affected

10.0.14393.0 (custom) before 10.0.14393.6897

affected

6.0.6003.0 (custom) before 6.0.6003.22618

affected

6.0.6003.0 (custom) before 6.0.6003.22618

affected

6.0.6003.0 (custom) before 6.0.6003.22618

affected

6.1.7601.0 (custom) before 6.1.7601.27067

affected

6.1.7601.0 (custom) before 6.1.7601.27067

affected

6.2.9200.0 (custom) before 6.2.9200.24821

affected

6.2.9200.0 (custom) before 6.2.9200.24821

affected

6.3.9600.0 (custom) before 6.3.9600.21924

affected

6.3.9600.0 (custom) before 6.3.9600.21924

affected

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26248 (Windows Kerberos Elevation of Privilege Vulnerability) vendor-advisory

cve.org (CVE-2024-26248)

nvd.nist.gov (CVE-2024-26248)

Download JSON