Azure Stack Hub Spoofing Vulnerability
CVE-2024-38108

9.3CRITICAL

Key Information:

Vendor: Microsoft
Status: Azure Stack Hub
Vendor: CVE Published:; 13 August 2024

Summary

A spoofing vulnerability exists in Azure Stack Hub, allowing an attacker to manipulate or masquerade as legitimate users or services within the system. This vulnerability can lead to unauthorized access and potentially harmful actions that could affect data integrity and confidentiality. Implementing security measures and staying updated with Microsoft’s advisories is crucial for protecting your Azure Stack Hub environment from such threats.

Affected Version(s)

Azure Stack Hub Unknown 1.0.0 < 1.2311.1.22

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 13, 2024
Vulnerability Reserved
Jun 11, 2024

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed