CVE-2024-20697

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-20697
Windows Libarchive Remote Code Execution Vulnerability

7.3 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.3 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20697 Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:-:*:*:*:*:*:*:*
History

08 Oct 2024, 16:15

Type Values Removed Values Added
References
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/06/04/2', 'name': 'http://www.openwall.com/lists/oss-security/2024/06/04/2', 'tags': [], 'refsource': ''}
  • {'url': 'https://www.zerodayinitiative.com/blog/2024/4/17/cve-2024-20697-windows-libarchive-remote-code-execution-vulnerability', 'name': 'https://www.zerodayinitiative.com/blog/2024/4/17/cve-2024-20697-windows-libarchive-remote-code-execution-vulnerability', 'tags': [], 'refsource': ''}
  • {'url': 'http://www.openwall.com/lists/oss-security/2024/06/05/1', 'name': 'http://www.openwall.com/lists/oss-security/2024/06/05/1', 'tags': [], 'refsource': ''}
  • {'url': 'https://github.com/advisories/GHSA-w6xv-37jv-7cjr', 'name': 'https://github.com/advisories/GHSA-w6xv-37jv-7cjr', 'tags': [], 'refsource': ''}

10 Jun 2024, 18:15

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/06/04/2 -

10 Jun 2024, 17:16

Type Values Removed Values Added
References
  • () http://www.openwall.com/lists/oss-security/2024/06/05/1 -

08 Jun 2024, 13:15

Type Values Removed Values Added
References
  • () https://www.zerodayinitiative.com/blog/2024/4/17/cve-2024-20697-windows-libarchive-remote-code-execution-vulnerability -
  • () https://github.com/advisories/GHSA-w6xv-37jv-7cjr -

14 Jan 2024, 21:56

Type Values Removed Values Added
First Time Microsoft windows 11 23h2
Microsoft windows 11 22h2
Microsoft windows Server 2022 23h2
Microsoft
References () https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20697 - () https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20697 - Patch, Vendor Advisory
CPE cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*
cpe:2.3:o:microsoft:windows_server_2022_23h2:-:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo

09 Jan 2024, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-01-09 18:15

Updated : 2024-10-08 16:15

NVD link : CVE-2024-20697

Mitre link : CVE-2024-20697

JSON object : View

Products Affected

microsoft

  • windows_server_2022_23h2
  • windows_11_22h2
  • windows_11_23h2
CWE
NVD-CWE-noinfo