CVE-2024-26189 : Secure Boot Security Feature Bypass Vulnerability

Products affected by CVE-2024-26189

Microsoft » Windows Server 2012 » Version: N/A
cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2012 » Version: R2
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2016
Versions before (<) 10.0.14393.6897
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2019
Versions before (<) 10.0.17763.5696
cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2022
Versions before (<) 10.0.20348.2402
cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 11 21h2
Versions before (<) 10.0.22000.2899
cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 11 22h2
Versions before (<) 10.0.22621.3447
cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 1607 » For X64
Versions before (<) 10.0.14393.6897
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 10 1607 » For X86
Versions before (<) 10.0.14393.6897
cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*
Matching versions
Microsoft » Windows 10 1809
Versions before (<) 10.0.17763.5696
cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 21h2
Versions before (<) 10.0.19044.4291
cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 22h2
Versions before (<) 10.0.19045.4291
cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 10 1507 » For X86
Versions before (<) 10.0.10240.20596
cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*
Matching versions
Microsoft » Windows 10 1507 » For X64
Versions before (<) 10.0.10240.20596
cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*
Matching versions
Microsoft » Windows 11 23h2
Versions before (<) 10.0.22631.3447
cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Server 2022 23h2
Versions before (<) 10.0.25398.830
cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2024-26189

EPSS FAQ

1.20%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 78 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2024-26189

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
8.0	HIGH	CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	2.1	5.9	Microsoft Corporation	2024-04-09
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High
8.0	HIGH	CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/...	N/A	N/A	MS-CVE-2024-26189	2024-04-09
Attack Vector: Adjacent Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2024-26189

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: secure@microsoft.com (Secondary)

References for CVE-2024-26189

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26189

CVE-2024-26189 - Security Update Guide - Microsoft - Secure Boot Security Feature Bypass Vulnerability
Vendor Advisory

Vulnerability Details : CVE-2024-26189

Products affected by CVE-2024-26189

Exploit prediction scoring system (EPSS) score for CVE-2024-26189

CVSS scores for CVE-2024-26189

CWE ids for CVE-2024-26189

References for CVE-2024-26189