CVE-2024-49004

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Nov 12, 2024

Updated: Nov 15, 2024

CWE ID 122

Summary

CVE-2024-49004 is a newly disclosed vulnerability affecting SQL Server Native Client. This issue allows an unauthenticated attacker to execute arbitrary code remotely by sending a specially crafted packet to the SQL Server. Successful exploitation could lead to significant data loss or unauthorized system access. It is highly recommended that affected organizations apply the available patches as soon as possible to mitigate this risk. This SQL Server Native Client Remote Code Execution Vulnerability (CVE-2024-49004) enables attackers to execute arbitrary code without authentication. The flaw can be triggered using a specially crafted packet, posing a serious threat of data loss and unauthorized system access. Organizations utilizing the SQL Server Native Client are urged to apply the available patches to minimize the risk of successful exploitation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

Microsoft SQL Server

Affected Vendors

Microsoft

Advisories, Assessments, and Mitigations

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Submarine Cables Face Increasing Threats Amid Geopolitical Tensions and Limited Repair Capacity

US Violent Extremists Likely Shifting Focus to Targeted Physical Threats in 2025

DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal

Know What Matters

For Customers

For Partners