CVE-2024-48996
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2024-48996 is a new SQL Server Native Client remote code execution vulnerability that has been discovered. Attackers can exploit this weakness by sending specially crafted packets to an affected SQL Server instance, allowing them to execute arbitrary code on the underlying system. Successful exploitation could result in unauthorized access, data theft, or the installation of malware. Microsoft has released a security update to address this issue, and it is strongly recommended that all SQL Server users apply the patch as soon as possible to protect against potential attacks.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Microsoft SQL Server
Affected Vendors
- Microsoft