CVE-2024-57972

MEDIUM

Microsoft HoloLens <10.0.17763.3046-10.0.22621.1244 - DoS


Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-57972. PoCs published by tania-silva.

AI-analyzed exploit summary: This repository describes a Denial of Service (DoS) attack on Microsoft HoloLens via the Device Portal API by flooding pairing requests. The attack causes CPU overload and renders the device unusable until manually stopped.

Description

The pairing API request handler in Microsoft HoloLens 1 (Windows Holographic) through 10.0.17763.3046 and HoloLens 2 (Windows Holographic) through 10.0.22621.1244 allows remote attackers to cause a Denial of Service (resource consumption and device unusability) by sending many requests through the Device Portal framework.

Exploits (1)

nomisec WRITEUP
by tania-silva · poc
https://github.com/tania-silva/CVE-2024-57972

Classification: Writeup 90%
Attack Type: DoS
Complexity: Moderate
Reliability: Reliable
Target: Microsoft HoloLens 1 and 2 (Device Portal)
No auth needed
Prerequisites: HoloLens with Device Portal enabled · Attacker and target on the same network · HoloLens IP address
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 6.5
EPSS 0.0222
EPSS Percentile 80.4%
Attack Vector ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE CWE-770
Status published
Products (2)
Microsoft/HoloLens 10 - 10.0.17763.3046
Microsoft/HoloLens 10 - 10.0.22621.1244
Published Mar 06, 2025
Tracked Since Feb 18, 2026