CVE-2024-48996

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Nov 12, 2024
Updated: Nov 15, 2024
CWE ID 122

Summary

CVE-2024-48996 is a new SQL Server Native Client remote code execution vulnerability that has been discovered. Attackers can exploit this weakness by sending specially crafted packets to an affected SQL Server instance, allowing them to execute arbitrary code on the underlying system. Successful exploitation could result in unauthorized access, data theft, or the installation of malware. Microsoft has released a security update to address this issue, and it is strongly recommended that all SQL Server users apply the patch as soon as possible to protect against potential attacks.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Microsoft SQL Server

Affected Vendors

  • Microsoft