Headline
CVE-2024-43602: Azure CycleCloud Remote Code Execution Vulnerability
How could an attacker exploit this vulnerability?
An attacker with basic user permissions can send specially crafted requests to modify the configuration of an Azure CycleCloud cluster to gain Root level permissions enabling them to execute commands on any Azure CycleCloud cluster in the current instance and in some scenarios, compromise administrator credentials.