Azure Stack Hub Elevation of Privilege Vulnerability
CVE-2024-38220

9CRITICAL

Key Information:

Vendor: Microsoft
Status: Azure Stack Hub
Vendor: CVE Published:; 10 September 2024

Summary

The vulnerability identified in Azure Stack Hub allows an attacker to elevate their privileges within the system. This issue could enable unauthorized access to sensitive functionalities, posing a significant risk to enterprise workloads. Organizations utilizing Azure Stack Hub should assess their environments for potential exposure and implement necessary mitigation strategies as outlined in Microsoft’s advisory.

Affected Version(s)

Azure Stack Hub Unknown 1.0.0 < 1.2406.1.15

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 10, 2024
Vulnerability Reserved
Jun 11, 2024

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed