🟡 CVE-2024-43468

Critical SQL injection vulnerability in Microsoft Configuration Manager (SCCM) allowing unauthenticated remote code execution. CISA has listed this in their Known Exploited Vulnerabilities catalog, indicating active exploitation in the wild.

← Back to Overview
MEDIUM_RISK
Risk Level
9.8
CVSS Score
NETWORK
Attack Vector
Initial Access
ATT&CK Tactic
T1190 — Exploit Public-Facing Application
ATT&CK Technique
LOW
Deployment Risk
No
Ransomware

📋 Vulnerability Details

Data Source: CIRCL

Confidence: MEDIUM

Exploitation Method: DIRECT_NETWORK

CVE Published: 2024-10-08

Added to CISA KEV: 2026-02-12 492 DAYS BETWEEN CVE AND KEV

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2024-43468 is a critical vulnerability affecting Microsoft Configuration Manager (formerly SCCM) that has been confirmed as actively exploited in the wild [3] [9].

Vulnerability Overview
  • Type: SQL Injection leading to Remote Code Execution (RCE) [7] [8].
  • Severity: Critical (CVSS 9.8) [6].
  • Mechanism: The vulnerability stems from improper neutralization of special elements used in an SQL command [3]. Attackers can leverage this to execute arbitrary SQL commands, which can be chained to gain full database access or execute code on the server [6] [2].
Exploitation and Impact
  • Active Exploitation: It is listed in the CISA Known Exploited Vulnerabilities (KEV) Catalog, confirming it is being actively exploited in the wild [1].
  • Requirements: The attack is unauthenticated and network-based, meaning it does not require user interaction to execute [4] [8].
  • Impact: Successful exploitation provides attackers with the ability to execute arbitrary code on the server hosting Configuration Manager. Given the role of Configuration Manager in managing enterprise software and updates, this grants an attacker significant control over the entire managed environment [2].
  • PoC Availability: Proof-of-concept (PoC) exploit code is publicly available, including from security research firms like Synacktiv [4].
Status and Mitigation
  • Patch Status: Microsoft released patches for this vulnerability in October 2024. Organizations are strongly advised to apply the latest updates provided by Microsoft to mitigate the risk [5].
  • Threat Actor Usage: While specific threat actor attribution is often sensitive, its inclusion in the CISA KEV catalog and the availability of public exploits indicate it is a high-priority target for various malicious actors, including those involved in ransomware or advanced persistent threat (APT) campaigns that seek to compromise enterprise infrastructure [1].

Sources

  1. NVD - CVE-2024-43468

    Microsoft Corporation. Vendor Advisory. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-43468.Reference CISA's BOD 22-01 and Known Exploited Vulnerabilities Catalog for further guidance and requirements. Vulnerability Name. Date Added. ... An official website of the U…

  2. CVE-2024-43468 – Microsoft Configuration Manager Remote Code ...

    CVE-2024-43468 is a Remote Code Execution (RCE) vulnerability affecting Microsoft Configuration Manager. The flaw allows an attacker to execute arbitrary code ... CVE-2024-43468 is a Remote Code Execution (RCE) vulnerability affecting Microsoft Configuration Manager. The flaw allows an attacker to e…

  3. CVE-2024-43468 Detail - NVD

    CVE-2024-43468 Detail Description. This CVE is in CISA's Known Exploited Vulnerabilities Catalog. Improper Neutralization of Special Elements used in an SQL ...

  4. Microsoft Configuration Manager (ConfigMgr) 2403 Unauthenticated ...

    Exploitation code is available at https://github.com/synacktiv/CVE-2024-43468. Timeline. Date, Description. 2024.08.05, Advisory sent to MSRC.

  5. Patch SCCM CVE-2024-43468 SQL Injection Vulnerability - LinkedIn

    Initially, Microsoft assessed the likelihood of exploitation as “less likely” when it patched the issue in October 2024. However, the release of ...

  6. PSA: CVE-2024-43468 (CVSS 9.8): Microsoft Configuration ... - Reddit

    This allows attackers to write arbitrary SQL cmds that could do things like setup another SQL admin account and gain direct access to the full db.

  7. CVE-2024-43468: Microsoft Configuration Manager RCE Flaw

    CVE-2024-43468 is a remote code execution vulnerability in Microsoft Configuration Manager that enables attackers to execute arbitrary code ... CVE-2024-43468 is a remote code execution vulnerability in Microsoft Configuration Manager that enables attackers to execute arbitrary code remotely. This a…

  8. NopSec Just in Time: CVE-2024-43468 SCCM SQL Injection

    What are CVE-2024-43468? Researchers have identified a critical SQL injection vulnerability that impacts Microsoft Configuration Manager (SCCM).

Generated by PatchNow Intelligence System

Analysis based on CIRCL.LU data, Claude AI assessment, and MITRE ATT&CK framework

📄 Download JSON Data | 📡 RSS Feed