CVE-2024-49112: Critical LDAP Vulnerability and the LDAPNightmare Exploit

On December 10, 2024, a remote code execution (RCE) vulnerability found by Yuki Chen (@guhe120) that affects any Domain Controller (DC) was published on the Microsoft Security Response Center (MSRC) website as part of the latest Patch Tuesday update. The vulnerability was assigned CVE-2024-49112 and given a CVSS severity score of 9.8 out of 10. However, no public exploit or blog post explaining the vulnerability or its exploitation path was published anywhere.

Microsoft Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49112