Improper Authorization in Azure Migrate - CVE-2024-26193

 

Improper Authorization in Azure Migrate - CVE-2024-26193

Published: April 10, 2024


Vulnerability identifier: #VU88420
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-26193
CWE-ID: CWE-285
Exploitation vector: Adjecent network
Exploit availability: No public exploit available
Vendor: Microsoft
Affected software:
Azure Migrate

Detailed vulnerability description

The vulnerability allows a remote user to bypass authorization.

The vulnerability exists due to improper authorization checks in Azure Migrate. An administrator on the local network can execute arbitrary code on the target system.


How to mitigate CVE-2024-26193

Install updates from vendor's website.

Sources