Azure CycleCloud Remote Code Execution Vulnerability
CVE-2024-43602

9.9CRITICAL

Key Information:

Vendor: Microsoft
Status: Azure Cyclecloud; Azure Cyclecloud 8.0.0; Azure Cyclecloud 8.0.1; Azure Cyclecloud 8.6.0
Vendor: CVE Published:; 12 November 2024

Summary

The vulnerability in Azure CycleCloud allows an attacker to execute arbitrary code remotely, potentially leading to unauthorized access and control over affected systems. This issue underscores the importance of timely updates and patches to mitigate risks associated with remote code execution vulnerabilities. Users are encouraged to review mitigation recommendations provided by Microsoft to safeguard their environments.

Affected Version(s)

Azure CycleCloud 8.0.0 Unknown 8.0.0 < 8.6.5

Azure CycleCloud 8.0.1 Unknown 8.0.0 < 8.6.5

Azure CycleCloud 8.0.2 Unknown 8.0.0 < 8.6.5

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Nov 12, 2024