CVE-2024-49112
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
Description
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
INFO
Published Date :
Dec. 12, 2024, 2:04 a.m.
Last Modified :
Jan. 14, 2025, 5:54 p.m.
Remotely Exploit :
Yes !
Source :
[email protected]
Affected Products
The following products are affected by CVE-2024-49112
vulnerability.
Even if cvefeed.io
is aware of the exact versions of the
products
that
are
affected, the information is not represented in the table below.
CVSS Scores
Score | Version | Severity | Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|---|
CVSS 3.1 | CRITICAL | [email protected] |
Solution
- Apply the appropriate security updates.
- Reboot the system if required by the update.
Public PoC/Exploit Available at Github
CVE-2024-49112 has a 8 public
PoC/Exploit
available at Github.
Go to the Public Exploits
tab to see the list.
References to Advisories, Solutions, and Tools
Here, you will find a curated list of external links that provide in-depth
information, practical solutions, and valuable tools related to
CVE-2024-49112
.
URL | Resource |
---|---|
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49112 | Vendor Advisory |
CWE - Common Weakness Enumeration
While CVE identifies
specific instances of vulnerabilities, CWE categorizes the common flaws or
weaknesses that can lead to vulnerabilities. CVE-2024-49112
is
associated with the following CWEs:
Common Attack Pattern Enumeration and Classification (CAPEC)
Common Attack Pattern Enumeration and Classification
(CAPEC)
stores attack patterns, which are descriptions of the common attributes and
approaches employed by adversaries to exploit the CVE-2024-49112
weaknesses.
We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).
None
CVE-2024-49112 LDAP RCE PoC and Metasploit Module
Ruby Python
None
Python
CVE-2024-49112 Windows LDAP RCE PoC and Metasploit Module
CVE-2024-49112 Windows LDAP RCE PoC and Metasploit Module
CVE-2024-49112 LDAP RCE PoC and Metasploit Module
A short scraper looking for a POC of CVE-2024-49112
Python
SecDB - Security Feeds
cve security-feeds vulnerability
Results are limited to the first 15 repositories due to potential performance issues.
The following list is the news that have been mention
CVE-2024-49112
vulnerability anywhere in the article.

-
Daily CyberSecurity
The Win-DDoS Epidemic: New Flaws Weaponize Windows Domain Controllers for Massive DoS Attacks, PoC Releases
SafeBreach Labs researchers have uncovered a new class of denial-of-service (DoS) vulnerabilities in Microsoft Windows that could enable attackers to weaponize critical infrastructure — without ever b ... Read more

-
Daily CyberSecurity
Microsoft PlayReady DRM Certificates Leaked: SL3000 Pulled from GitHub, Amazon Suspends Pirate Accounts
Digital Rights Management (DRM) mechanisms are crucial for safeguarding streaming content—platforms like Netflix rely on DRM to protect their media, and Microsoft employs its proprietary Microsoft Pla ... Read more

-
Daily CyberSecurity
Microsoft Authenticator to Drop Password Manager Features by August 2025
In 2020, Microsoft updated its Authenticator app to introduce password-saving and autofill capabilities, effectively transforming Microsoft Authenticator into a password manager with support for autof ... Read more

-
BleepingComputer
Fake LDAPNightmware exploit on GitHub spreads infostealer malware
A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 (aka "LDAPNightmare") on GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server. The tact ... Read more

-
tripwire.com
Tripwire Patch Priority Index for December 2024
Tripwire's December 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Adobe.First on the list is a notice about Windows Common Log File System Driver (CLFS). ... Read more

-
The Hacker News
CrowdStrike Warns of Phishing Scam Targeting Job Seekers with XMRig Cryptominer
Cybersecurity company CrowdStrike is alerting of a phishing campaign that exploits its own branding to distribute a cryptocurrency miner that's disguised as an employee CRM application as part of a su ... Read more

-
Help Net Security
January 2025 Patch Tuesday forecast: Changes coming in cybersecurity guidance
Welcome to 2025 and a new year of patch excitement! In my December article, I talked about Microsoft’s Secure Future Initiative (SFI) and how it manifested in many of the Microsoft products released i ... Read more

-
The Register
Security pros baited with fake Windows LDAP exploit traps
Security researchers are once again being lured into traps by attackers, this time with fake exploits of serious Microsoft security flaws. Trend Micro spotted what appears to be a fork of the legitima ... Read more

-
Trend Micro
Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit
In December 2024, two critical vulnerabilities in Microsoft's Windows Lightweight Directory Access Protocol (LDAP) were addressed via Microsoft’s monthly Patch Tuesday release. Both vulnerabilities we ... Read more

-
The Hacker News
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [6 Jan]
Every tap, click, and swipe we make online shapes our digital lives, but it also opens doors—some we never meant to unlock. Extensions we trust, assistants we rely on, and even the codes we scan are t ... Read more

-
TheCyberThrone
TheCyberThrone Security Weekly Review – January 04, 2025
Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, January 04, 2025.CVE-2024-56512 impacts A ... Read more

-
TheCyberThrone
CVE-2024-11944: TrueNAS CORE has Severe Directory Traversal Flaw
CVE-2024-11944 is a vulnerability identified in iXsystems TrueNAS CORE. This vulnerability is classified as a Directory Traversal and Remote Code Execution (RCE) flaw. The exploitation of this vulnera ... Read more

-
Trend Micro
What We Know About CVE-2024-49112 and CVE-2024-49113
In December 2024, two Windows Lightweight Directory Access Protocol (LDAP) vulnerabilities were identified by independent security researcher Yuki Chen: CVE-2024-49112, a remote code execution (RCE) f ... Read more

-
TheCyberThrone
CVE-2024-49113: PoC Exploit Code Released
The CVE-2024-49113 vulnerability is a significant Denial of Service (DoS) issue found in the Windows Lightweight Directory Access Protocol (LDAP). SafeBreach Labs developed the exploit code, which has ... Read more

-
The Hacker News
LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers
Windows Server / Threat Mitigation A proof-of-concept (PoC) exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol (LDAP) that could trigger ... Read more

-
Dark Reading
Unpatched Active Directory Flaw Can Crash Any Microsoft Server
Source: Andriy Popov via Alamy Stock PhotoOne of two critical Active Directory Domain Controller vulnerabilities patched by Microsoft last month goes beyond the original denial-of-service (DoS) attack ... Read more

-
TheCyberThrone
CVE-2024-12108: Progress WhatsUp Gold Vulnerability
CVE-2024-12108 with a CVSS score of 9.6 is a critical security vulnerability affecting WhatsUp Gold, a network monitoring software developed by Progress Software Corporation.Affected VersionsThe vulne ... Read more

-
TheCyberThrone
CVE-2024-49112 POC Code Released
The CVE-2024-49112 vulnerability, identified as LDAPNightmare, has seen the release of a Proof-of-Concept (PoC) code by SafeBreach Labs. This particular security flaw is critical as it affects the Win ... Read more

-
Cybersecurity News
Starlink V3 Satellites Promise Blazing Fast Internet Speeds
Starlink recently announced on its official X account that it will soon launch the V3 satellites, which are expected to significantly enhance its satellite internet service by increasing bandwidth and ... Read more

-
Cybersecurity News
PoC Exploit Released for Zero-Click Vulnerability CVE-2024-49112 in Windows
SafeBreach Labs revealed a zero-click vulnerability in the Windows Lightweight Directory Access Protocol (LDAP) service, dubbed “LDAP Nightmare”. This critical vulnerability, tracked as CVE-2024-49112 ... Read more
The following table lists the changes that have been made to the
CVE-2024-49112
vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
-
Initial Analysis by [email protected]
Jan. 14, 2025
Action Type Old Value New Value Added CWE NIST NVD-CWE-noinfo Added CPE Configuration OR *cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.10240.20857 *cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.10240.20857 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.14393.7606 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.14393.7606 *cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.17763.6659 *cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.17763.6659 *cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19044.5247 *cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19045.5247 *cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22621.4602 *cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.26100.2605 *cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* *cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.14393.7606 *cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.17763.6659 *cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.20348.2966 *cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.25398.1308 *cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.26100.2605 Changed Reference Type https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49112 No Types Assigned https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49112 Vendor Advisory -
New CVE Received by [email protected]
Dec. 12, 2024
Action Type Old Value New Value Added Description Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Added CWE CWE-190 Added Reference https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49112