Elevation of Privilege Vulnerability Affects Azure Stack HCI
CVE-2024-49060

8.8HIGH

Key Information:

Vendor: Microsoft
Status: Azure Stack Hci
Vendor: CVE Published:; 15 November 2024

Summary

An elevation of privilege vulnerability exists in Azure Stack HCI, allowing unauthorized users to gain privileges that could lead to the compromise of system integrity. This security flaw can be exploited by an attacker to execute arbitrary code or actions with elevated permissions, potentially impacting the confidentiality and availability of data within the affected system environments. Organizations utilizing Azure Stack HCI should be aware of this issue and take appropriate measures to address the vulnerability as indicated in vendor advisories.

Affected Version(s)

Azure Stack HCI Unknown 10.2408.1.9 < 2411

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Nov 15, 2024

Collectors

NVD DatabaseMitre DatabaseMicrosoft Feed