CVE-2024-30036
Published: 14 May 2024
Summary
CVE-2024-30036 is a medium-severity Improper Resolution of Path Equivalence (CWE-41) vulnerability in Microsoft Windows Server 2008. Its CVSS base score is 6.5 (Medium).
Operationally, it ranks in the top 8.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
CVE-2024-30036 is an information disclosure vulnerability affecting the Windows Deployment Services component. It carries a CVSS 3.1 base score of 6.5 and is associated with CWE-41. The flaw permits unauthorized exposure of sensitive data when the affected service processes certain network requests.
An authenticated attacker with low privileges can exploit the issue remotely over the network without user interaction. Successful exploitation results in high-impact disclosure of confidential information while leaving integrity and availability unaffected.
Microsoft has published an advisory for CVE-2024-30036 that details available patches and mitigation guidance; administrators should consult the update guide at the referenced Microsoft Security Response Center URL for remediation steps. The EPSS score has remained flat at 0.0717 since disclosure, indicating no material increase in estimated exploitation likelihood.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-27976
Vulnerability details
Windows Deployment Services Information Disclosure Vulnerability
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.