Defender For Endpoint
CVE-2024-43614
MEDIUM
Severity by source
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
Relative path traversal in Microsoft Defender for Endpoint allows an authorized attacker to perform spoofing locally.
AnalysisAI
Relative path traversal in Microsoft Defender for Endpoint allows an authorized attacker to perform spoofing locally. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-23. Relative path traversal in Microsoft Defender for Endpoint allows an authorized attacker to perform spoofing locally. Affected products include: Microsoft Defender For Endpoint.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Defender For Endpoint
View allMicrosoft Defender for Endpoint on Linux contains a code injection vulnerability that enables adjacent network attackers
Microsoft Defender for Endpoint on Android Spoofing Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is
Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vu
Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulne
Local privilege escalation in Microsoft Defender for Endpoint for Mac (versions 101.0.0 through 101.26042.0010) allows a
External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privil
Improper authorization of an index that contains sensitive information from a Global Files search in Windows Defender al
Microsoft Defender for Endpoint Tampering Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotel
Microsoft Defender for Endpoint Spoofing Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely
Improper access control in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.
Same weakness CWE-23 – Relative Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today