CVE-2024-38193

HIGH KEV

Windows Ancillary Function Driver - Privilege Escalation

Title source: llm

Exploitation Summary

CVE-2024-38193 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added August 13, 2024. EIP tracks 3 public exploits from researchers including Milad karimi, killvxk, and Y5neKO.

AI-analyzed exploit summary: This exploit targets a privilege escalation vulnerability in the Ancillary Function Driver for WinSock (afd.sys) on Windows 11 Pro 23H2. It leverages IOCTL operations to manipulate kernel structures, likely abusing token privileges for local privilege escalation (LPE).

Description

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Exploits (3)

exploitdb WORKING POC
by Milad karimi · local · windows
https://www.exploit-db.com/exploits/52284

This exploit targets a privilege escalation vulnerability in the Ancillary Function Driver for WinSock (afd.sys) on Windows 11 Pro 23H2. It leverages IOCTL operations to manipulate kernel structures, likely abusing token privileges for local privilege escalation (LPE).

Classification: Working PoC 90%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Microsoft Windows 11 Pro 23H2 (afd.sys)
No auth needed
Prerequisites: Local access to a vulnerable Windows 11 Pro 23H2 system
devstral-2 · analyzed Feb 18, 2026

patchapalooza WORKING POC
by Y5neKO · local
https://github.com/Y5neKO/Y5_VulnHub

This repository contains a functional exploit for CVE-2024-0044, a local privilege escalation vulnerability in Android 12 and 13. The exploit manipulates the `createSessionInternal` function in `PackageInstallerService.java` to perform a 'run-as any app' attack, allowing unauthorized access to sensitive app data like WhatsApp databases.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Android 12, Android 13
No auth needed
Prerequisites: USB debugging enabled · ADB access to the target device · APK file to push to the device
devstral-2 · analyzed Feb 23, 2026

Scores

CVSS v3 7.8
EPSS 0.7323
EPSS Percentile 98.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2024-08-13
VulnCheck KEV 2024-08-13
InTheWild.io 2024-08-13
ENISA EUVD EUVD-2024-37161
CWE CWE-416
Status published
Products (17)
microsoft/windows_10_1507 < 10.0.10240.20751
microsoft/windows_10_1607 < 10.0.14393.7259
microsoft/windows_10_1809 < 10.0.17763.6189
microsoft/windows_10_21h2 < 10.0.19044.4780
microsoft/windows_10_22h2 < 10.0.19045.4780
microsoft/windows_11_21h2 < 10.0.22000.3147
microsoft/windows_11_22h2 < 10.0.22621.4037
microsoft/windows_11_23h2 < 10.0.22631.4037
microsoft/windows_11_24h2 < 10.0.26100.1457
microsoft/windows_server_2008
... and 7 more
Published Aug 13, 2024
KEV Added Aug 13, 2024
Tracked Since Feb 18, 2026