CVE-2024-43468

Published Oct 8, 2024

Last updated a month ago

CVSS critical 9.8

Overview

Description
Microsoft Configuration Manager Remote Code Execution Vulnerability
Source
secure@microsoft.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

secure@microsoft.com
CWE-89
nvd@nist.gov
NVD-CWE-noinfo

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. 🚨 RCE in #Microsoft #ConfigMgr (CVE-2024-43468)! Unauthenticated attackers could execute commands via SQL injection in MP_Location service. Public exploits are on GitHub, no wild exploitation yet. ➡️ https://t.co/PUQqgBw62U https://t.co/UhUTxepqW3

    @leonov_av

    4 Feb 2025

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Microsoft Configuration Manager の脆弱性 CVE-2024-43468 (CVSS 9.8):PoC コードが公開 https://t.co/J5qM17Dkbg Microsoft Configuration Manager (MCM) に存在する深刻な脆弱性に対して、PoC が提供されました。2024年10月の Patch Tuesday… https://t.co/084lFI6eCZ

    @iototsecnews

    3 Feb 2025

    40 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  3. 🚫 CVE-2024-43468 : Microsoft Configuration Manager Remote Code Execution Vulnerability 🔥PoC:https://t.co/CPEiGIS1JA 📌Dorks HUNTER :https://t.co/G5LwnS1fm6="Microsoft Configuration Manager Remote Control service" ▶️Refer:https://t.co/Dzs3rkmIPV https://t.co/lpdKssQ89R

    @HackingTeam777

    29 Jan 2025

    274 Impressions

    1 Retweet

    2 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  4. A critical SQL injection vulnerability (CVE-2024-43468) in Microsoft Configuration Manager could allow unauthenticated attacks to execute arbitrary commands. Patches released—urgent implementation needed! 🚨 #Microsoft #SQLInjection link: https://t.co/Qd3yIo1WOl https://t.co/0vR

    @TweetThreatNews

    27 Jan 2025

    39 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. Top 5 Trending CVEs: 1 - CVE-2025-23006 2 - CVE-2024-50050 3 - CVE-2024-43468 4 - CVE-2025-0282 5 - CVE-2025-21298 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    27 Jan 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. ⚠️ CVE-2024-43468: PoC de un Exploit crítico en Microsoft Configuration Manager (CVSS 9.8) sale a luz! https://t.co/PrL7Cx0sUK

    @tpx_Security

    26 Jan 2025

    157 Impressions

    2 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Top 5 Trending CVEs: 1 - CVE-2024-49138 2 - CVE-2024-43468 3 - CVE-2024-50050 4 - CVE-2025-20156 5 - CVE-2020-11023 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    26 Jan 2025

    167 Impressions

    1 Retweet

    3 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  8. CVE-2024-43468 (CVSS 9.8): การใช้ประโยชน์ของผู้จัดการการกําหนดค่าของไมโครซอฟท์เปิดเผยด้วยรหัส PC https://t.co/2Eeiw8zSyV

    @freedomhack101

    25 Jan 2025

    32 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Threat Alert: CVE-2024-43468 (CVSS 9.8): Microsoft Configuration Manager Exploit Revealed with CVE-2024-43468 Severity: 🔴 High Maturity: 💢 Emerging Learn more: https://t.co/2QYaq5Xuud #CyberSecurity #ThreatIntel #InfoSec

    @fletch_ai

    25 Jan 2025

    36 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. CVE-2024-43468 (CVSS 9.8): Microsoft Configuration Manager Exploit Revealed with PoC Code https://t.co/Hy5eLQmQnv

    @Dinosn

    24 Jan 2025

    7508 Impressions

    53 Retweets

    181 Likes

    52 Bookmarks

    0 Replies

    1 Quote

  11. CVE-2024-43468 (CVSS 9.8): Microsoft Configuration Manager Exploit Revealed with PoC Code https://t.co/S6CV1y9606

    @samilaiho

    24 Jan 2025

    12418 Impressions

    30 Retweets

    80 Likes

    48 Bookmarks

    3 Replies

    2 Quotes

  12. 🚨Alert🚨 CVE-2024-43468 : Microsoft Configuration Manager Remote Code Execution Vulnerability 🔥PoC:https://t.co/R6ZpalKYVL 📊 37K+ Services are found on the https://t.co/ysWb28BTvF yearly. 🔗Hunter Link:https://t.co/3AN7iywcLG 👇Query HUNTER :https://t.co/q9rtuGfZuz="Microsoft…

    @HunterMapping

    24 Jan 2025

    3354 Impressions

    24 Retweets

    62 Likes

    26 Bookmarks

    0 Replies

    0 Quotes

  13. Microsoft Configuration Manager Vulnerability Allows Remote Code Execution – PoC Released https://t.co/40LCSKMsLg A critical vulnerability, CVE-2024-43468, has been identified in Microsoft Configuration Manager (ConfigMgr), posing a severe security risk to organizations relyin…

    @f1tym1

    20 Jan 2025

    79 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Microsoft Configuration Manager (ConfigMgr / SCCM) 2403 Unauthenticated SQL injections (CVE-2024-43468) https://t.co/8OtnesDd9A

    @Dinosn

    17 Jan 2025

    2077 Impressions

    2 Retweets

    7 Likes

    4 Bookmarks

    0 Replies

    0 Quotes

  15. #exploit 1. CVE-2025-0282: Ivanti Connect Secure IFT TLS Stack Overflow pre-auth RCE - https://t.co/IGCw9K0YEM 2. CVE-2024-43468: MS Configuration Manager (ConfigMgr/SCCM) 2403 Unauthenticated SQLi - https://t.co/TCEXzMaR5B

    @ksg93rd

    17 Jan 2025

    216 Impressions

    0 Retweets

    2 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  16. GitHub - synacktiv/CVE-2024-43468 - https://t.co/IGCIjQ3Xnh

    @piedpiper1616

    16 Jan 2025

    208 Impressions

    0 Retweets

    4 Likes

    1 Bookmark

    0 Replies

    0 Quotes

  17. Microsoft Configuration Manager (ConfigMgr / SCCM) 2403 Unauthenticated SQL injections (CVE-2024-43468) https://t.co/Wa7GSRyZrT

    @_r_netsec

    16 Jan 2025

    1387 Impressions

    2 Retweets

    12 Likes

    4 Bookmarks

    0 Replies

    1 Quote

  18. A few months ago, Microsoft released a critical patch for CVE-2024-43468, an unauthenticated SQL injection vulnerability in SCCM/ConfigMgr leading to remote code execution, discovered by @kalimer0x00. https://t.co/nx05pyySC9

    @Synacktiv

    16 Jan 2025

    4337 Impressions

    44 Retweets

    117 Likes

    29 Bookmarks

    1 Reply

    0 Quotes

  19. 🚨 Microsoft’s October update addresses 117 CVEs, including two actively exploited vulnerabilities: CVE-2024-43572 (RCE in MMC) CVE-2024-43573 (Platform Spoofing in MSHTML) Critical CVE-2024-43468 (CVSS 9.8) could lead to RCE on servers. Apply patches ASAP to stay secure! https:

    @UpriteServices

    24 Oct 2024

    56 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  20. 10月の月例セキュリティ更新では、Microsoft Configuration Manageの修正がでています。現時点で悪用はみられていませんが、リモートで認証なしで悪用できる脆弱性なので早めのパッチを推奨です:[CVE-2024-43468] Configuration Manager に対する深刻度の高い脆弱性について https://t.co/QzCbknyyhC

    @EurekaBerry

    951 Impressions

    2 Retweets

    7 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  21. Fortra’s Tyler Reguly is featured in Forbes discussing the critical CVE-2024-43468 vulnerability. He warns that mitigating this vulnerability is far from simple.​​https://t.co/Dnyhff3wTC​ #PatchTuesday https://t.co/YJU3J5sKvA

    @fortraofficial

    35 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References