Airlift.microsoft.com Elevation of Privilege Vulnerability
CVE-2024-49056

7.3HIGH

Key Information:

Vendor
Microsoft
Status
Airlift.microsoft.com
Vendor
CVE Published:
12 November 2024

Badges

πŸ“° News Worthy

Summary

The vulnerability on the Airlift platform allows an attacker with authorized access to exploit weaknesses related to assumed-immutable data, leading to potential elevation of privileges over a network. This can enable unauthorized actions that compromise system integrity and data confidentiality. It is critical for organizations using the Airlift product to assess their security posture and implement necessary patches to mitigate the risks posed by this vulnerability. For further details, refer to the Microsoft advisory.

Affected Version(s)

airlift.microsoft.com Unknown

News Articles

favicon imageCrowdStrike.com

November 2024 Patch Tuesday: Updates and Analysis | CrowdStrike

Microsoft has released security updates for 158 vulnerabilities, including three zero-days and four critical, for its November 2024 Patch Tuesday rollout.

2 months ago

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...
vendor-advisory

CVSS V3.1

Score:
7.3
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Unchanged

Timeline

  • πŸ“°

    First article discovered by CrowdStrike.com

  • Vulnerability published

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed1 News Article(s)
.