CVE-2024-49073: 
vulnerability analysis and mitigation

The Windows Mobile Broadband Driver Elevation of Privilege Vulnerability (CVE-2024-49073) was identified and disclosed on December 11, 2024. This security flaw affects various versions of Microsoft Windows operating systems, including Windows 10, Windows 11, and Windows Server editions (NVD Database).

The vulnerability has been assigned a CVSS v3.1 base score of 6.8 (Medium severity) with the following vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-20 (Improper Input Validation) according to Microsoft's assessment (NVD Database).

This vulnerability could potentially lead to elevation of privilege if successfully exploited, affecting the confidentiality, integrity, and availability of the system as indicated by the high (H) impact scores in the CVSS vector (NVD Database).

Microsoft has released security updates to address this vulnerability. The affected systems include Windows 10 versions 1809, 21H2, 22H2, Windows 11 versions 22H2, 23H2, 24H2, and Windows Server 2019, 2022 23H2, and 2025. Users should update to the latest versions that include the security fixes (NVD Database).