Skip to main content

Defender For Endpoint CVE-2024-49057

HIGH
Improper Input Validation (CWE-20)
2024-12-12 secure@microsoft.com
8.1
CVSS 3.1 · Vendor: microsoft
Share

Severity by source

Vendor (microsoft) PRIMARY
8.1 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Primary rating from Vendor (microsoft) · only source for this CVE.

CVSS VectorVendor: microsoft

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 12, 2024 - 02:04 cve.org
HIGH 8.1

DescriptionCVE.org

Microsoft Defender for Endpoint on Android Spoofing Vulnerability

AnalysisAI

Microsoft Defender for Endpoint on Android Spoofing Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-20. Microsoft Defender for Endpoint on Android Spoofing Vulnerability Affected products include: Microsoft Defender For Endpoint.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2026-21537 HIGH
8.8 Feb 10

Microsoft Defender for Endpoint on Linux contains a code injection vulnerability that enables adjacent network attackers

CVE-2024-21315 HIGH
7.8 Feb 13

Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vu

CVE-2022-35828 HIGH
7.8 Sep 13

Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulne

CVE-2026-45647 HIGH
7.0 Jun 09

Local privilege escalation in Microsoft Defender for Endpoint for Mac (versions 101.0.0 through 101.26042.0010) allows a

CVE-2025-26684 MEDIUM
6.7 May 13

External control of file name or path in Microsoft Defender for Endpoint allows an authorized attacker to elevate privil

CVE-2024-49071 MEDIUM
6.5 Dec 12

Improper authorization of an index that contains sensitive information from a Global Files search in Windows Defender al

CVE-2022-33637 MEDIUM
6.5 Jul 12

Microsoft Defender for Endpoint Tampering Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotel

CVE-2022-23278 MEDIUM
5.9 Mar 09

Microsoft Defender for Endpoint Spoofing Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely

CVE-2024-43614 MEDIUM
5.5 Oct 08

Relative path traversal in Microsoft Defender for Endpoint allows an authorized attacker to perform spoofing locally. Ra

CVE-2025-47161 HIGH POC
7.8 May 15

Improper access control in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.

Share

CVE-2024-49057 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy