CVE-2024-49019

HIGH

Active Directory Certificate Services - Privilege Escalation

Title source: llm

Description

Active Directory Certificate Services Elevation of Privilege Vulnerability

Exploits (3)

nomisec WRITEUP 3 stars
by rayngnpc · poc
https://github.com/rayngnpc/CVE-2024-49019-rayng
metasploit WORKING POC
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/exploit/remote/cert_request.rb
metasploit WORKING POC
rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/exploit/remote/ms_icpr.rb

References (1)

Scores

CVSS v3 7.8
EPSS 0.0483
EPSS Percentile 89.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-1390
Status published
Products (9)
microsoft/windows_server_2008
microsoft/windows_server_2008 r2 sp1
microsoft/windows_server_2012
microsoft/windows_server_2012 r2
microsoft/windows_server_2016 < 10.0.14393.7515
microsoft/windows_server_2019 < 10.0.17763.6532
microsoft/windows_server_2022 < 10.0.20348.2849
microsoft/windows_server_2022_23h2 < 10.0.25398.1251
microsoft/windows_server_2025 < 10.0.26100.2314
Published Nov 12, 2024
Tracked Since Feb 18, 2026