CVE-2024-29995
Published: 13 August 2024
Summary
CVE-2024-29995 is a high-severity Observable Timing Discrepancy (CWE-208) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 8.1 (High).
Operationally, ranked in the top 9.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2024-29995 is an elevation of privilege vulnerability in the Kerberos implementation on Windows. It received a CVSS 3.1 score of 8.1 with a vector of AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H and is also associated with CWE-208.
An unauthenticated attacker can exploit the flaw remotely over a network connection, albeit with high attack complexity, to obtain privileges sufficient to compromise confidentiality, integrity, and availability on the target system.
The sole reference points to the Microsoft Security Response Center advisory page for this CVE, which is the authoritative source for any official patches or mitigation guidance. The associated EPSS score remains low, with a current value of 0.0614 and a peak of 0.0636.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-26966
Vulnerability details
Windows Kerberos Elevation of Privilege Vulnerability
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.