Elevation of Privilege Vulnerability Affects Azure Monitor Agent
CVE-2024-29989

8.4HIGH

Key Information:

Vendor: Microsoft
Status: Azure Monitor
Vendor: CVE Published:; 9 April 2024

Summary

The Azure Monitor Agent has been identified with a vulnerability that could allow attackers to gain elevated privileges within the system. This vulnerability poses a risk to the security posture of affected Azure environments, enabling unauthorized users to access and manipulate sensitive data. Organizations relying on Azure Monitor for operational insights must be aware of this issue and apply timely updates and mitigations to safeguard their systems. For more detailed information, refer to the official Microsoft advisory.

Affected Version(s)

Azure Monitor Unknown 1.0.0 < 1.24.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

EPSS Score

0% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Apr 9, 2024
Vulnerability Reserved
Mar 22, 2024

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed