CVE-2024-49052 — Vulnetix

CVE-2024-49052 PUBLISHED CVSS 8.199999809265137 HIGH

Missing authentication for critical function in Microsoft Azure PolicyWatch allows an unauthorized attacker to elevate privileges over a network.

EPSS 2.41% · 85.3th percentile

Risk Scores

CVSS v3.1

8.199999809265137

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N/E:U/RC:C

EPSS Score

2.41%

85.3th percentile

Affected Products

Vendor	Product	Versions
Microsoft	Azure
microsoft	azure_functions	N/A
Microsoft	Microsoft Azure Functions	N/A

Timeline

Nov 12, 2024 CVE Published
Nov 26, 2024 PoC Published
Nov 26, 2024 PoC Published
Nov 27, 2024 EPSS Score
Dec 15, 2024 EPSS Score
Jan 18, 2025 EPSS Score
Jan 28, 2025 Coalition ESS Score
Feb 5, 2025 EPSS Score
Feb 5, 2025 CVE Updated
Feb 20, 2025 Coalition ESS Score
Mar 11, 2025 EPSS Score
Mar 12, 2025 Coalition ESS Score

References

Microsoft Azure PolicyWatch Elevation of Privilege Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2024-49052 advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›