Elevation of Privilege Vulnerability in Azure Network Watcher VM Agent
CVE-2024-43470

7.3HIGH

Key Information:

Vendor: Microsoft
Status: Azure Network Watcher Vm Extension
Vendor: CVE Published:; 10 September 2024

What is CVE-2024-43470?

The Azure Network Watcher VM Agent has a vulnerability that allows attackers to elevate their privileges within the virtual machines monitored by the agent. Exploiting this vulnerability may give unauthorized users greater access rights, potentially leading to further compromises in the cloud environment. Microsoft has released advisories detailing the nature of this vulnerability and recommended approaches to secure affected instances.

Affected Version(s)

Azure Network Watcher VM Extension Unknown 1.4.3320.1

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 10, 2024
Vulnerability Reserved
Aug 14, 2024