Main Vulnerability Database Vulnerabilities #VU86420

Permissions, Privileges, and Access Controls in Azure Kubernetes Service Confidential Containers - CVE-2024-21403

Published: February 13, 2024

Vulnerability identifier: #VU86420

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2024-21403

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
Azure Kubernetes Service Confidential Containers

Detailed vulnerability description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in the Microsoft Azure Kubernetes Service Confidential Container, which leads to security restrictions bypass and privilege escalation.

How to mitigate CVE-2024-21403

Install updates from vendor's website.

Sources

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21403

Permissions, Privileges, and Access Controls in Azure Kubernetes Service Confidential Containers - CVE-2024-21403

Detailed vulnerability description

How to mitigate CVE-2024-21403

Sources

Please verify you're human