Airlift.microsoft.com Elevation of Privilege Vulnerability

CVE-2024-49056

7.3HIGH

Key Information

Vendor: Microsoft
Status: Airlift.microsoft.com
Vendor: CVE Published:; 12 November 2024

Badges

📰 News Worthy

Summary

Authentication bypass by assumed-immutable data on airlift.microsoft.com allows an authorized attacker to elevate privileges over a network.

Affected Version(s)

airlift.microsoft.com =

News Articles

CrowdStrike.com

CVE-2024-43625CVE-2024-49056

November 2024 Patch Tuesday: Updates and Analysis | CrowdStrike

Microsoft has released security updates for 158 vulnerabilities, including three zero-days and four critical, for its November 2024 Patch Tuesday rollout.

1 week ago

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

First article discovered by CrowdStrike.com
Nov 13, 2024
Vulnerability published.
Nov 12, 2024

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed1 News Article(s)