Elevation of Privilege Vulnerability Affects Azure CycleCloud
CVE-2024-29993

8.8HIGH

Key Information:

Vendor: Microsoft
Status: Azure Cyclecloud 8.6.0
Vendor: CVE Published:; 9 April 2024

What is CVE-2024-29993?

The vulnerability in Azure CycleCloud allows an attacker to elevate their privileges, potentially granting unauthorized access to sensitive operations and resources. This flaw emphasizes the importance of stringent access controls and timely patching to mitigate security risks associated with privilege escalation.

Affected Version(s)

Azure CycleCloud 8.6.0 Unknown 8.6.0 < 8.6.1

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 9, 2024
Vulnerability Reserved
Mar 22, 2024

Microsoft

What is CVE-2024-29993?

Affected Version(s)

References

CVSS V3.1

Timeline