VDB
CVE-2024-21400
CVE-2024-21400
PUBLISHED
CVSS 9.300000190734863 CRITICAL
In Microsoft Azure existieren mehrere Schwachstellen. Die Schwachstellen bestehen aufgrund eines use-after-free Fehlers und zahlreicher unbeschriebener Fehler. Ein entfernter oder lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, seine Privilegien zu erweitern und Informationen falsch darzustellen.
EPSS 2.19% · 84.7th percentile
Risk Scores
CVSS 4.0
9.300000190734863
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS Score
2.19%
84.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Microsoft Azure SDK | |
| Microsoft | Microsoft Azure Sentinel | |
| Microsoft | Microsoft Azure Automation | |
| Microsoft | Microsoft Azure Kubernetes Service Confidential Containers | |
| Microsoft | Microsoft Azure Data Studio | |
| Microsoft | Microsoft Azure Automation Update Management | |
| Microsoft | Microsoft Azure Security Center | |
| IBM | IBM QRadar SIEM 7.3.3-7.5.0 |
Exploit Intelligence
- CIRCL seen: CVE-2024-21400 (circl-sighting)
- CIRCL seen: CVE-2024-21400 (circl-sighting)
- CIRCL seen: CVE-2024-21400 (circl-sighting)
- CIRCL seen: CVE-2024-21400 (circl-sighting)
- https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1 (msrc)
- Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability (circl)
Timeline
- Mar 12, 2024 CVE Published
- Mar 13, 2024 EPSS Score
- Mar 13, 2024 PoC Published
- Mar 13, 2024 PoC Published
- Mar 13, 2024 PoC Published
- Mar 13, 2024 PoC Published
- Apr 8, 2024 EPSS Score
- May 30, 2024 EPSS Score
- Jun 25, 2024 EPSS Score
- Jul 22, 2024 EPSS Score
- Sep 12, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score