gsd-2024-20666
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
BitLocker Security Feature Bypass Vulnerability
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2024-20666",
"id": "GSD-2024-20666"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2024-20666"
],
"details": "BitLocker Security Feature Bypass Vulnerability",
"id": "GSD-2024-20666",
"modified": "2023-12-13T01:21:43.125861Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2024-20666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows 10 Version 1809",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "10.0.17763.5329"
}
]
}
},
{
"product_name": "Windows Server 2019",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "10.0.17763.5329"
}
]
}
},
{
"product_name": "Windows Server 2019 (Server Core installation)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "10.0.17763.5329"
}
]
}
},
{
"product_name": "Windows Server 2022",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "10.0.20348.2227"
}
]
}
},
{
"product_name": "Windows 11 version 21H2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "10.0.22000.2713"
}
]
}
},
{
"product_name": "Windows 10 Version 21H2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "10.0.19044.3930"
}
]
}
},
{
"product_name": "Windows 11 version 22H2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "10.0.22621.3007"
}
]
}
},
{
"product_name": "Windows 10 Version 22H2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "10.0.19045.3930"
}
]
}
},
{
"product_name": "Windows 11 version 22H3",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "10.0.22631.3007"
}
]
}
},
{
"product_name": "Windows 11 Version 23H2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "10.0.22631.3007"
}
]
}
},
{
"product_name": "Windows Server 2022, 23H2 Edition (Server Core installation)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "10.0.25398.643"
}
]
}
},
{
"product_name": "Windows 10 Version 1507",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "10.0.10240.20402"
}
]
}
},
{
"product_name": "Windows 10 Version 1607",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "10.0.14393.6614"
}
]
}
},
{
"product_name": "Windows Server 2016",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "10.0.14393.6614"
}
]
}
},
{
"product_name": "Windows Server 2016 (Server Core installation)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.0.0",
"version_value": "10.0.14393.6614"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BitLocker Security Feature Bypass Vulnerability"
}
]
},
"impact": {
"cvss": [
{
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Feature Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20666",
"refsource": "MISC",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20666"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "46ABD897-272E-49BD-BCD1-79EA0908349D",
"versionEndExcluding": "10.0.10240.20402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "B85886E7-0E67-4BBD-9E42-4507DF422BCF",
"versionEndExcluding": "10.0.10240.20402",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "1301CF7B-D772-4AAA-BFF2-88BF493A324E",
"versionEndExcluding": "10.0.14393.6614",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"matchCriteriaId": "DDEB129C-34A6-47E5-A652-51FCE0A3A880",
"versionEndExcluding": "10.0.14393.6614",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB2C6F0A-4519-43AE-A36D-39F968FF3DCD",
"versionEndExcluding": "10.0.17763.5329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26D9519C-EC1F-48D1-89F5-2DCBF84C8251",
"versionEndExcluding": "10.0.19044.3930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B9B6C6A0-6A10-4A8B-9DF2-D00CE5F863BD",
"versionEndExcluding": "10.0.19045.3930",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "6FA472E2-4501-4597-9979-796258111DA5",
"versionEndExcluding": "10.0.22000.2713",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "0F377DD9-2DBF-4202-AF3F-6AC6A809F4E2",
"versionEndExcluding": "10.0.22000.2713",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "C48178EC-BDEE-4F78-BCFB-B125F5CA0A9E",
"versionEndExcluding": "10.0.22621.3007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "04C81079-1855-4F8C-A9E2-3E2CC796C4F0",
"versionEndExcluding": "10.0.22621.3007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"matchCriteriaId": "91F6049F-03C1-494C-8AA1-6DE27D335139",
"versionEndExcluding": "10.0.22631.3007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"matchCriteriaId": "A00CE59A-0762-4AA4-99DA-5C9545F85666",
"versionEndExcluding": "10.0.22631.3007",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:-:*:*:*:*:*:*:*",
"matchCriteriaId": "821614DD-37DD-44E2-A8A4-FE8D23A33C3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BitLocker Security Feature Bypass Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de omisi\u00f3n de la caracter\u00edstica de seguridad de BitLocker"
}
],
"id": "CVE-2024-20666",
"lastModified": "2024-01-14T22:46:45.707",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9,
"source": "secure@microsoft.com",
"type": "Primary"
}
]
},
"published": "2024-01-09T18:15:50.057",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20666"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
Loading...