Main Vulnerability Database Vulnerabilities #VU95860

#VU95860 Improper access control in Azure Connected Machine Agent - CVE-2024-38162

Published: August 13, 2024

Vulnerability identifier: #VU95860

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-38162

CWE-ID: CWE-284

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Azure Connected Machine Agent

Software vendor:
Microsoft

Description

The vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in Azure Connected Machine Agent. A local user can bypass implemented security restrictions and create or delete files in the security context of the NT AUTHORITY SYSTEM account.

Remediation

Install updates from vendor's website.

External links

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2024-38162

#VU95860 Improper access control in Azure Connected Machine Agent - CVE-2024-38162

Description

Remediation

External links

Please verify you're human