
Just in Time Bulletin: CVE-2024-43468 Microsoft SCCM Unauthenticated SQL Injection

Feb 03, 2025

What is CVE-2024-43468?

Researchers have identified a critical SQL injection vulnerability that impacts Microsoft Configuration Manager (SCCM). The vulnerability is exploitable by an unauthenticated adversary. Successful exploitation results in unauthorized access to the SQL Server database at the same privilege level as the SCCM process, which requires database administration (DBA) rights. The ability to execute stacked queries against the SCCM database gives an attacker the ability to execute arbitrary commands on the database server as SYSTEM.

This is a critical vulnerability. Successful exploitation facilitates remote command execution, which can result in malware deployment, host compromise, domain credential theft, or lateral movement within a private network.

How bad is this? 

CVE: CVE-2024-43468
CVSSv3 Score: 9.8

Severity: Critical

  • Credentials are NOT required
  • Low level of complexity
  • Exploit code in public domain

 

Who is affected by this?

Affected versions

  • Microsoft Configuration Manager 2403
  • Microsoft Configuration Manager 2309
  • Microsoft Configuration Manager 2303

How is it exploited? 

This vulnerability is exploitable remotely by an unauthenticated attacker, the most abundant class of attacker.

How do I protect myself? 

Microsoft addressed this vulnerability in the October 2024 Patch Tuesday updates. Organizations using Microsoft Configuration Manager are urged to apply these patches immediately to prevent exploitation.

Mitigating factors? 

Microsoft Configuration Manager is not exposed to external nodes, which mitigates exploitation by external threat actors.

Additional Resources: