CVE-2024-20700

Published Jan 9, 2024

Last updated 9 months ago

CVSS high 7.5

Overview

Description: Windows Hyper-V Remote Code Execution Vulnerability
Source: secure@microsoft.com
NVD status: Modified
Products: windows_10_1809, windows_10_21h2, windows_10_22h2, windows_11_21h2, windows_11_22h2, windows_11_23h2, windows_server_2019, windows_server_2022, windows_server_2022_23h2

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.5
Impact score: 5.9
Exploitability score: 1.6
Vector string: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

secure@microsoft.com: CWE-362
nvd@nist.gov: CWE-362

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "9C150F7E-8967-4AB8-8DF8-EBC89A10D554",
            "versionEndExcluding": "10.0.17763.5329"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "5BFCE595-C6A9-4F10-9EC7-58C1D66BB436",
            "versionEndExcluding": "10.0.19044.3930"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "047947E7-B85E-4D6A-9B92-E39E4828206E",
            "versionEndExcluding": "10.0.19045.3930"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*",
            "vulnerable": true,
            "matchCriteriaId": "6FA472E2-4501-4597-9979-796258111DA5",
            "versionEndExcluding": "10.0.22000.2713"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "0F377DD9-2DBF-4202-AF3F-6AC6A809F4E2",
            "versionEndExcluding": "10.0.22000.2713"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
            "vulnerable": true,
            "matchCriteriaId": "C48178EC-BDEE-4F78-BCFB-B125F5CA0A9E",
            "versionEndExcluding": "10.0.22621.3007"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
            "vulnerable": true,
            "matchCriteriaId": "04C81079-1855-4F8C-A9E2-3E2CC796C4F0",
            "versionEndExcluding": "10.0.22621.3007"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04D7A1EA-2E86-4600-A7B8-DAA5ACABE8D0",
            "versionEndExcluding": "10.0.22631.3007"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51DCD313-6848-46DD-B4C6-DA2A8F6291CD",
            "versionEndExcluding": "10.0.17763.5329"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13224366-AD63-4CAD-85D1-F9599CFE1B14",
            "versionEndExcluding": "10.0.20348.2227"
          },
          {
            "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B57577F-8313-4AFF-9E30-0C928D87C4AF",
            "versionEndExcluding": "10.0.25398.643"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References