Azure Stack Hub Elevation of Privilege Vulnerability
CVE-2024-38220

9CRITICAL

Key Information:

Vendor: Microsoft
Status: Azure Stack Hub
Vendor: CVE Published:; 10 September 2024

What is CVE-2024-38220?

The vulnerability identified in Azure Stack Hub allows an attacker to elevate their privileges within the system. This issue could enable unauthorized access to sensitive functionalities, posing a significant risk to enterprise workloads. Organizations utilizing Azure Stack Hub should assess their environments for potential exposure and implement necessary mitigation strategies as outlined in Microsoft’s advisory.

Affected Version(s)

Azure Stack Hub Unknown 1.0.0 < 1.2406.1.15

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 10, 2024
Vulnerability Reserved
Jun 11, 2024