Security
Headlines
HeadlinesLatestCVEs

Tag

#Azure Monitor

CVE-2024-38097: Azure Monitor Agent Elevation of Privilege Vulnerability

**According to the CVSS metrics, successful exploitation of this vulnerability does not impact confidentiality (C:N), but has major impact on integrity (I:H) and availability (A:H). What does that mean for this vulnerability?** Exploitation of this vulnerability does not disclose any confidential information but allows an attacker to modify or delete files containing data which could cause the service to become unavailable.

Microsoft Security Response Center
#vulnerability#Azure Monitor#Security Vulnerability
CVE-2024-35254: Azure Monitor Agent Elevation of Privilege Vulnerability

**What actions do customers need to take to protect themselves from this vulnerability?** Customers who have disabled Automatic Extension Upgrades or would like to upgrade an extension immediately must manually update their Azure Monitor Agent to the latest version. For more information on how to perform a manual update, see Manage Azure Monitor Agent.

CVE-2024-30060: Azure Monitor Agent Elevation of Privilege Vulnerability

**What privileges could be gained by an attacker who successfully exploited this vulnerability?** An authenticated attacker would be able to delete targeted files on a system which could result in them gaining SYSTEM privileges.

CVE-2024-29989: Azure Monitor Agent Elevation of Privilege Vulnerability

**According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?** An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.