Elevation of Privilege Vulnerability Affects Azure CycleCloud
CVE-2024-29993

8.8HIGH

Key Information:

Vendor: Microsoft
Status: Azure Cyclecloud 8.6.0
Vendor: CVE Published:; 9 April 2024

Summary

The vulnerability in Azure CycleCloud allows an attacker to elevate their privileges, potentially granting unauthorized access to sensitive operations and resources. This flaw emphasizes the importance of stringent access controls and timely patching to mitigate security risks associated with privilege escalation.

Affected Version(s)

Azure CycleCloud 8.6.0 Unknown 8.6.0 < 8.6.1

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 9, 2024
Vulnerability Reserved
Mar 22, 2024

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed