CVE-2024-49083: 
vulnerability analysis and mitigation

Windows Mobile Broadband Driver Elevation of Privilege Vulnerability (CVE-2024-49083) was disclosed on December 11, 2024. This vulnerability affects multiple versions of Microsoft Windows operating systems, including Windows 10, Windows 11, and Windows Server editions (NVD).

The vulnerability is classified as an Out-of-bounds Read (CWE-125) with a CVSS v3.1 Base Score of 6.8 (Medium). The vulnerability's attack vector is Physical (AV:P) with Low attack complexity (AC:L), requiring No privileges (PR:N) and No user interaction (UI:N). The scope is Unchanged (S:U) with High impact on Confidentiality, Integrity, and Availability (C:H/I:H/A:H) (NVD).

The vulnerability could allow an attacker to gain elevated privileges on affected systems, potentially leading to complete system compromise with high impacts on confidentiality, integrity, and availability (NVD).

Microsoft has released security updates to address this vulnerability across multiple affected versions. Updates are available through KB5048661 (Windows 10 1809), KB5048652 (Windows 10 21H2/22H2), KB5048685 (Windows 11), KB5048667 (Windows 11 24H2), and KB5048653 (Windows Server 2022) (Rapid7).