What is CVE-2024-43468?
Researchers have identified a critical SQL injection vulnerability in Microsoft Configuration Manager (SCCM). It is exploitable by an unauthenticated attacker. Successful exploitation gives the attacker access to the site's SQL Server database at the privilege level of the SCCM component that issues the vulnerable query, and that account holds database administrator (DBA) rights. Because the injection permits stacked queries, the attacker can append statements of their own to the vulnerable query; combined with DBA rights, that allows arbitrary commands to be executed on the database server as SYSTEM.
This is a critical vulnerability. Successful exploitation provides remote command execution, which can lead to malware deployment, host compromise, theft of domain credentials, or lateral movement within the internal network.
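The escalation path described above hinges on one detail: the injected value is run as a multi-statement batch, so a single quote and a semicolon are enough to stack attacker-controlled statements behind the legitimate query. The following is an added example, not code from this advisory or from Microsoft Configuration Manager. It puts the vulnerable concatenate-and-execute pattern next to the parameterized fix and runs the same stacked-query payload through both. SQLite stands in for SQL Server, and the tables, column names and the "look up a client by name" query are hypothetical stand-ins, since the advisory does not describe the real vulnerable statement.

```python
"""Stacked-query SQL injection: the vulnerable pattern next to the fix.

Added example, not code from this advisory or from Microsoft Configuration
Manager. SQLite stands in for SQL Server, and the tables, column names and
the 'look up a client by name' query are hypothetical stand-ins for the real
vulnerable statement, which the advisory does not describe.
"""
import sqlite3

# Constructed sample data: a client inventory table and a table of
# privileged logins that a stacked statement could tamper with.
SCHEMA = """
CREATE TABLE clients (name TEXT, last_seen TEXT);
CREATE TABLE site_admins (login TEXT);
INSERT INTO clients VALUES ('WS01', '2024-10-01'), ('WS02', '2024-10-03');
INSERT INTO site_admins VALUES ('sccmadmin');
"""

# Constructed payload. The leading quote closes the string literal, the ';'
# ends the SELECT, the INSERT is the attacker's own statement, and the
# trailing "SELECT '" swallows the template's closing quote so the batch
# still parses. On SQL Server, a login with DBA (sysadmin) rights could put
# "EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE; EXEC xp_cmdshell ..."
# in the same position, which is the escalation the advisory describes.
ATTACKER_PAYLOAD = "WS01'; INSERT INTO site_admins VALUES ('attacker@evil'); SELECT '"


def fresh_db():
    """Return a new in-memory database loaded with the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def site_admins(conn):
    """Current privileged logins, sorted, so tampering is easy to spot."""
    return [row[0] for row in conn.execute("SELECT login FROM site_admins ORDER BY login")]


def lookup_vulnerable(conn, client_name):
    """Vulnerable: untrusted text is spliced into the statement and the text
    is run as a multi-statement batch (executescript here, a T-SQL batch on
    SQL Server), so the caller can stack statements after a ';'."""
    sql = f"SELECT name, last_seen FROM clients WHERE name = '{client_name}'"
    conn.executescript(sql)
    return site_admins(conn)


def lookup_parameterized(conn, client_name):
    """Fixed: one statement, value bound as a parameter. The driver sends the
    value separately from the SQL text, so it can never close the literal
    or start a second statement; the payload is just a name that matches
    nothing."""
    cur = conn.execute(
        "SELECT name, last_seen FROM clients WHERE name = ?", (client_name,)
    )
    return cur.fetchall()


def demo(payload=ATTACKER_PAYLOAD):
    """Run the same payload through both patterns on fresh databases."""
    vuln_db = fresh_db()
    lookup_vulnerable(vuln_db, payload)
    safe_db = fresh_db()
    matches = lookup_parameterized(safe_db, payload)
    return {
        "admins_after_vulnerable": site_admins(vuln_db),
        "admins_after_parameterized": site_admins(safe_db),
        "parameterized_matches": matches,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running `demo()` shows the attacker's login added to `site_admins` by the vulnerable path and left untouched by the parameterized one, which simply returns no match. The fix is the same whatever the database engine: on SQL Server that means `sp_executesql` with declared parameters, or a parameterized command from the client driver, never `EXEC` of concatenated text.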
How bad is this?
CVE | CVSSv3 Score
CVE-2024-43468 | 9.8
Severity: Critical
- Credentials are NOT required
- Low attack complexity
- Exploit code is publicly available
Who is affected by this?
Affected versions
- Microsoft Configuration Manager 2403
- Microsoft Configuration Manager 2309
- Microsoft Configuration Manager 2303
How is it exploited?
This vulnerability can be exploited remotely by an unauthenticated attacker, the broadest and most common class of attacker: anyone who can reach the vulnerable SCCM service over the network, with no account and no prior foothold on the system.
How do I protect myself?
Microsoft addressed this vulnerability in the October 2024 Patch Tuesday updates. Organizations running Microsoft Configuration Manager should apply the fix immediately. Note that Configuration Manager fixes are delivered through the console's Updates and Servicing node rather than through Windows Update, so confirm that the fix is installed on every site instead of assuming that routine monthly patching covered it.
Mitigating factors?
Microsoft Configuration Manager site systems are normally reachable only from the internal network, not from the internet, which limits exploitation to attackers who already have a network foothold. This mitigation does not apply to sites that publish a management point or other site system role to the internet for internet-based client management, and it offers no protection against an attacker who has already compromised an internal host.