Azure Stack Hub Elevation of Privilege Vulnerability
CVE-2024-38216

9CRITICAL

Key Information:

Vendor: Microsoft
Status: Azure Stack Hub
Vendor: CVE Published:; 10 September 2024

Summary

The Azure Stack Hub is susceptible to an elevation of privilege vulnerability, which could enable an attacker to gain unauthorized access to sensitive data and functions. This may occur due to improper validation of user permissions within the platform. Administrators are urged to apply necessary security updates to mitigate potential risks associated with this vulnerability. For more information, refer to the vendor advisory.

Affected Version(s)

Azure Stack Hub Unknown 1.0.0 < 1.2406.1.15

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 10, 2024
Vulnerability Reserved
Jun 11, 2024

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed