CVE-2024-38175 — Vulnetix

CVE-2024-38175 PUBLISHED CVSS 9.600000381469727 CRITICAL

An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate privileges over a network.

EPSS 6.12% · 91.0th percentile

Risk Scores

CVSS 3.1

9.600000381469727

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N/E:F/RL:O/RC:C

EPSS Score

6.12%

91.0th percentile

Affected Products

Vendor	Product	Versions
Microsoft	N/A
Microsoft	Azure Managed Instance for Apache Cassandra	N/A
microsoft	azure_managed_instance_for_apache_cassandra	N/A

Exploit Intelligence

Timeline

Aug 13, 2024 CVE Published
Aug 21, 2024 EPSS Score
Sep 11, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 10, 2024 CVE Updated
Oct 17, 2024 Coalition ESS Score
Oct 22, 2024 EPSS Score
Nov 8, 2024 Coalition ESS Score
Nov 11, 2024 EPSS Score
Dec 3, 2024 EPSS Score
Jan 13, 2025 EPSS Score
Jan 31, 2025 Coalition ESS Score

References

Azure Managed Instance for Apache Cassandra Elevation of Privilege Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2024-38175 advisory

Open in Interactive Console →