Elevation of Privilege Vulnerability Affects Azure Monitor Agent
CVE-2024-29989

8.4HIGH

Key Information:

Vendor: Microsoft
Status: Azure Monitor
Vendor: CVE Published:; 9 April 2024

What is CVE-2024-29989?

The Azure Monitor Agent has been identified with a vulnerability that could allow attackers to gain elevated privileges within the system. This vulnerability poses a risk to the security posture of affected Azure environments, enabling unauthorized users to access and manipulate sensitive data. Organizations relying on Azure Monitor for operational insights must be aware of this issue and apply timely updates and mitigations to safeguard their systems. For more detailed information, refer to the official Microsoft advisory.

Affected Version(s)

Azure Monitor Unknown 1.0.0 < 1.24.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 9, 2024
Vulnerability Reserved
Mar 22, 2024