1. Home
  2. Vulnerabilities
  3. CVE-2024-49112
9.8
CRITICAL CVSS 3.1
CVE-2024-49112
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
Description

Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability

INFO

Published Date :

Dec. 12, 2024, 2:04 a.m.

Last Modified :

Jan. 14, 2025, 5:54 p.m.

Remotely Exploit :

Yes !

Source :

[email protected]
Affected Products

The following products are affected by CVE-2024-49112 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Microsoft windows_server_2008
2 Microsoft windows_server_2012
3 Microsoft windows_server_2016
4 Microsoft windows_server_2019
5 Microsoft windows_10_1607
6 Microsoft windows_10_1809
7 Microsoft windows_10_21h2
8 Microsoft windows_10_22h2
9 Microsoft windows_server_2022
10 Microsoft windows_11_22h2
11 Microsoft windows_10_1507
12 Microsoft windows
13 Microsoft windows_11_23h2
14 Microsoft windows_server_2022_23h2
15 Microsoft windows_server_23h2
16 Microsoft windows_server_2012_r2
17 Microsoft windows_server_2008_r2
18 Microsoft windows_server_2008_sp2
19 Microsoft windows_11_24h2
20 Microsoft windows_server_2025
: Total Affected Vendor : 1 | Products : 20
CVSS Scores
The Common Vulnerability Scoring System is a standardized framework for assessing the severity of vulnerabilities in software and systems. We collect and displays CVSS scores from various sources for each CVE.
Score Version Severity Vector Exploitability Score Impact Score Source
CVSS 3.1 CRITICAL [email protected]
Solution
A vulnerability in the Windows LDAP service could allow for remote code execution.
  • Apply the appropriate security updates.
  • Reboot the system if required by the update.
Public PoC/Exploit Available at Github

CVE-2024-49112 has a 8 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-49112.

URL Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49112 Vendor Advisory
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-49112 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-49112 weaknesses.

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Profile Photo
hithmast/CVEs-Flows

None

Updated: 7 months, 2 weeks ago
0 stars 1 fork 1 watcher
Born at : Jan. 13, 2025, 9:34 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
bo0l3an/CVE-2024-49112-PoC

CVE-2024-49112 LDAP RCE PoC and Metasploit Module

Ruby Python

Updated: 1 month, 3 weeks ago
8 stars 3 fork 3 watcher
Born at : Jan. 8, 2025, 1:56 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
CCIEVoice2009/CVE-2024-49112

None

Python

Updated: 6 months, 1 week ago
3 stars 0 fork 0 watcher
Born at : Jan. 2, 2025, 2:02 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
BOl1o/CVE-2024-49112-RCE-PoC

CVE-2024-49112 Windows LDAP RCE PoC and Metasploit Module

Updated: 8 months ago
1 stars 0 fork 0 watcher
Born at : Jan. 2, 2025, 4:29 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
BOl1o/CVE-2024-49112-PoC

CVE-2024-49112 Windows LDAP RCE PoC and Metasploit Module

Updated: 8 months, 1 week ago
0 stars 0 fork 0 watcher
Born at : Dec. 25, 2024, 2:06 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
b0l1o/CVE-2024-49112-PoC

CVE-2024-49112 LDAP RCE PoC and Metasploit Module

Updated: 8 months, 2 weeks ago
3 stars 0 fork 0 watcher
Born at : Dec. 18, 2024, 1:06 a.m. This repo has been linked 1 different CVEs too.
Profile Photo
tnkr/poc_monitor

A short scraper looking for a POC of CVE-2024-49112

Python

Updated: 1 month, 2 weeks ago
14 stars 2 fork 2 watcher
Born at : Dec. 16, 2024, 1:41 p.m. This repo has been linked 1 different CVEs too.
Profile Photo
giterlizzi/secdb-feeds

SecDB - Security Feeds

cve security-feeds vulnerability

Updated: 3 weeks, 6 days ago
0 stars 0 fork 0 watcher
Born at : July 1, 2022, 8:37 p.m. This repo has been linked 102 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-49112 vulnerability anywhere in the article.

  • Daily CyberSecurity
The Win-DDoS Epidemic: New Flaws Weaponize Windows Domain Controllers for Massive DoS Attacks, PoC Releases

SafeBreach Labs researchers have uncovered a new class of denial-of-service (DoS) vulnerabilities in Microsoft Windows that could enable attackers to weaponize critical infrastructure — without ever b ... Read more

Published Date: Aug 12, 2025 (3 weeks, 3 days ago)
  • Daily CyberSecurity
Microsoft PlayReady DRM Certificates Leaked: SL3000 Pulled from GitHub, Amazon Suspends Pirate Accounts

Digital Rights Management (DRM) mechanisms are crucial for safeguarding streaming content—platforms like Netflix rely on DRM to protect their media, and Microsoft employs its proprietary Microsoft Pla ... Read more

Published Date: Jul 31, 2025 (1 month ago)
  • Daily CyberSecurity
Microsoft Authenticator to Drop Password Manager Features by August 2025

In 2020, Microsoft updated its Authenticator app to introduce password-saving and autofill capabilities, effectively transforming Microsoft Authenticator into a password manager with support for autof ... Read more

Published Date: May 02, 2025 (4 months ago)
  • BleepingComputer
Fake LDAPNightmware exploit on GitHub spreads infostealer malware

A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 (aka "LDAPNightmare") on GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server. The tact ... Read more

Published Date: Jan 11, 2025 (7 months, 3 weeks ago)
  • tripwire.com
Tripwire Patch Priority Index for December 2024

Tripwire's December 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft and Adobe.First on the list is a notice about Windows Common Log File System Driver (CLFS). ... Read more

Published Date: Jan 10, 2025 (7 months, 3 weeks ago)
  • The Hacker News
CrowdStrike Warns of Phishing Scam Targeting Job Seekers with XMRig Cryptominer

Cybersecurity company CrowdStrike is alerting of a phishing campaign that exploits its own branding to distribute a cryptocurrency miner that's disguised as an employee CRM application as part of a su ... Read more

Published Date: Jan 10, 2025 (7 months, 3 weeks ago)
  • Help Net Security
January 2025 Patch Tuesday forecast: Changes coming in cybersecurity guidance

Welcome to 2025 and a new year of patch excitement! In my December article, I talked about Microsoft’s Secure Future Initiative (SFI) and how it manifested in many of the Microsoft products released i ... Read more

Published Date: Jan 10, 2025 (7 months, 3 weeks ago)
  • The Register
Security pros baited with fake Windows LDAP exploit traps

Security researchers are once again being lured into traps by attackers, this time with fake exploits of serious Microsoft security flaws. Trend Micro spotted what appears to be a fork of the legitima ... Read more

Published Date: Jan 09, 2025 (7 months, 3 weeks ago)
  • Trend Micro
Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit

In December 2024, two critical vulnerabilities in Microsoft's Windows Lightweight Directory Access Protocol (LDAP) were addressed via Microsoft’s monthly Patch Tuesday release. Both vulnerabilities we ... Read more

Published Date: Jan 09, 2025 (7 months, 3 weeks ago)
  • The Hacker News
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [6 Jan]

Every tap, click, and swipe we make online shapes our digital lives, but it also opens doors—some we never meant to unlock. Extensions we trust, assistants we rely on, and even the codes we scan are t ... Read more

Published Date: Jan 06, 2025 (7 months, 4 weeks ago)
  • TheCyberThrone
TheCyberThrone Security Weekly Review – January 04, 2025

Welcome to TheCyberThrone cybersecurity week in review will be posted covering the important security happenings. This review is for the week ending Saturday, January 04, 2025.CVE-2024-56512 impacts A ... Read more

Published Date: Jan 05, 2025 (8 months ago)
  • TheCyberThrone
CVE-2024-11944: TrueNAS CORE has Severe Directory Traversal Flaw

CVE-2024-11944 is a vulnerability identified in iXsystems TrueNAS CORE. This vulnerability is classified as a Directory Traversal and Remote Code Execution (RCE) flaw. The exploitation of this vulnera ... Read more

Published Date: Jan 04, 2025 (8 months ago)
  • Trend Micro
What We Know About CVE-2024-49112 and CVE-2024-49113

In December 2024, two Windows Lightweight Directory Access Protocol (LDAP) vulnerabilities were identified by independent security researcher Yuki Chen: CVE-2024-49112, a remote code execution (RCE) f ... Read more

Published Date: Jan 04, 2025 (8 months ago)
  • TheCyberThrone
CVE-2024-49113: PoC Exploit Code Released

The CVE-2024-49113 vulnerability is a significant Denial of Service (DoS) issue found in the Windows Lightweight Directory Access Protocol (LDAP). SafeBreach Labs developed the exploit code, which has ... Read more

Published Date: Jan 03, 2025 (8 months ago)
  • The Hacker News
LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers

Windows Server / Threat Mitigation A proof-of-concept (PoC) exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol (LDAP) that could trigger ... Read more

Published Date: Jan 03, 2025 (8 months ago)
  • Dark Reading
Unpatched Active Directory Flaw Can Crash Any Microsoft Server

Source: Andriy Popov via Alamy Stock PhotoOne of two critical Active Directory Domain Controller vulnerabilities patched by Microsoft last month goes beyond the original denial-of-service (DoS) attack ... Read more

Published Date: Jan 02, 2025 (8 months ago)
  • TheCyberThrone
CVE-2024-12108: Progress WhatsUp Gold Vulnerability

CVE-2024-12108 with a CVSS score of 9.6 is a critical security vulnerability affecting WhatsUp Gold, a network monitoring software developed by Progress Software Corporation.Affected VersionsThe vulne ... Read more

Published Date: Jan 02, 2025 (8 months ago)
  • TheCyberThrone
CVE-2024-49112 POC Code Released

The CVE-2024-49112 vulnerability, identified as LDAPNightmare, has seen the release of a Proof-of-Concept (PoC) code by SafeBreach Labs. This particular security flaw is critical as it affects the Win ... Read more

Published Date: Jan 02, 2025 (8 months ago)
  • Cybersecurity News
Starlink V3 Satellites Promise Blazing Fast Internet Speeds

Starlink recently announced on its official X account that it will soon launch the V3 satellites, which are expected to significantly enhance its satellite internet service by increasing bandwidth and ... Read more

Published Date: Jan 02, 2025 (8 months ago)
  • Cybersecurity News
PoC Exploit Released for Zero-Click Vulnerability CVE-2024-49112 in Windows

SafeBreach Labs revealed a zero-click vulnerability in the Windows Lightweight Directory Access Protocol (LDAP) service, dubbed “LDAP Nightmare”. This critical vulnerability, tracked as CVE-2024-49112 ... Read more

Published Date: Jan 02, 2025 (8 months ago)

Results are limited to the first 20 news articles due to potential performance issues.

The following table lists the changes that have been made to the CVE-2024-49112 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Jan. 14, 2025

    Action Type Old Value New Value
    Added CWE NIST NVD-CWE-noinfo
    Added CPE Configuration OR *cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.10240.20857 *cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.10240.20857 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.14393.7606 *cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.14393.7606 *cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:* versions up to (excluding) 10.0.17763.6659 *cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:* versions up to (excluding) 10.0.17763.6659 *cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19044.5247 *cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.19045.5247 *cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.22621.4602 *cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.26100.2605 *cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:* *cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:* *cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.14393.7606 *cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.17763.6659 *cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.20348.2966 *cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.25398.1308 *cpe:2.3:o:microsoft:windows_server_2025:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.26100.2605
    Changed Reference Type https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49112 No Types Assigned https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49112 Vendor Advisory
  • New CVE Received by [email protected]

    Dec. 12, 2024

    Action Type Old Value New Value
    Added Description Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
    Added CVSS V3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    Added CWE CWE-190
    Added Reference https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49112
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
Vulnerability Scoring Details
Base CVSS Score: 9.8
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact