CVE-2024-43488

HIGH

Visual Studio Code Arduino Extension - Unauthenticated Remote Code Execution

Title source: llm
STIX 2.1

Description

Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector.

References (1)

Core 1
Core References
Patch, Vendor Advisory vendor-advisory patch
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43488

Scores

CVSS v3 8.8
EPSS 0.0115
EPSS Percentile 63.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-306
Status published
Products (2)
Microsoft/Visual Studio Code -
microsoft/visual_studio_code
Published Oct 08, 2024
Tracked Since Feb 18, 2026