CVE-2024-21409 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.3 HIGH	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
microsoft	CNA	7.3 HIGH				CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 97%

Affected Products (NVD)

Vendor	Product	Version
microsoft	.net_framework	3.5
microsoft	.net_framework	4.8.1
microsoft	.net	6.0.0 ≤ 𝑥 < 6.0.29
microsoft	.net	7.0.0 ≤ 𝑥 < 7.0.18
microsoft	.net	8.0.0 ≤ 𝑥 < 8.0.4
microsoft	powershell	7.2 ≤ 𝑥 < 7.2.19
microsoft	powershell	7.3 ≤ 𝑥 < 7.3.12
microsoft	powershell	7.4 ≤ 𝑥 < 7.4.2
microsoft	visual_studio_2022	17.4.0 ≤ 𝑥 < 17.4.18
microsoft	visual_studio_2022	17.6.0 ≤ 𝑥 < 17.6.14
microsoft	visual_studio_2022	17.8.0 ≤ 𝑥 < 17.8.9
microsoft	visual_studio_2022	17.9.0 ≤ 𝑥 < 17.9.6
microsoft	.net_framework	3.5
microsoft	.net_framework	4.7.2
microsoft	.net_framework	4.8
microsoft	.net_framework	4.6.2
microsoft	.net_framework	4.7
microsoft	.net_framework	4.7.1
microsoft	.net_framework	4.7.2
microsoft	.net_framework	3.5
microsoft	.net_framework	4.8
microsoft	.net_framework	4.6.2

𝑥

= Vulnerable software versions

Windows Releases

Platform

Version

Windows 10

1607 (x64, x86)	KB5036899
1607 (x64, x86)	KB5036609
1809 (arm64, x64, x64, x86, x86)	KB5037034
21H2 (arm64, arm64, x64, x64, x86, x86)	KB5037035
22H2 (arm64, arm64, x64, x64, x86, x86)	KB5037036

Windows 11

21H2 (arm64, arm64, x64, x64)	KB5037037
22H2 (arm64, x64)	KB5036620
23H2 (arm64, x64)	KB5036620

Windows Server 2008

Service Pack 2 (x64, x86)	KB5037128
Service Pack 2 Server Core (x64, x86)	KB5037128

Windows Server 2008 R2

Service Pack 1 (x64, x64)	KB5037127
Service Pack 1 Server Core (x64, x64)	KB5037127

Windows Server 2012

Server Core	KB5037039
Standard	KB5037039

Windows Server 2012 R2

Server Core	KB5037040
Standard	KB5037040

Windows Server 2016

Server Core	KB5036609
Server Core	KB5036899
Standard	KB5036609
Standard	KB5036899

Windows Server 2019

Server Core	KB5037034
Standard	KB5037034

Windows Server 2022

Server Core	KB5037033
Standard	KB5037033

Ubuntu Releases

Ubuntu Product

Codename

dotnet6

focal	dne
jammy	not-affected
mantic	not-affected

dotnet7

focal	dne
jammy	not-affected
mantic	not-affected

dotnet8

focal	dne
jammy	not-affected
mantic	not-affected

Common Weakness Enumeration

CWE-416 - Use After Free
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21409

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21409

https://security.netapp.com/advisory/ntap-20250117-0002/