Improper Link Resolution Before File Access ('Link Following') (CWE-59)
Microsoft Azure File Sync has an elevation of privilege vulnerability rooted in improper link resolution before file access (CWE-59, 'Link Following'). Affected versions are Azure File Sync 14.0.0.0 up to but not including 16.2.0.0, and version 17.0.0.0.
Per the CVSS vector, the attack vector is local, attack complexity is high, low privileges are required and no user interaction is needed; the impact is high on integrity, low on availability and none on confidentiality. A local attacker with a low-privileged account could exploit the link-following flaw to gain elevated privileges on the server, leading to unauthorized modification of files or limited disruption of service. Because the attack vector is local, the attacker must already be able to run code or commands on the system.
There is no evidence of a public proof of concept, and no evidence of exploitation in the wild at this time.
A patch is available for this vulnerability. Microsoft released the patch on February 13, 2024.
To mitigate this vulnerability, apply the latest security updates Microsoft provides for Azure File Sync. Servers running a 16.x agent should be at version 16.2.0.0 or later; note that version 17.0.0.0 is also affected and must be updated to a patched release rather than treated as fixed. Additionally, apply the principle of least privilege to accounts on servers running the Azure File Sync agent, limit local access to those servers, and monitor for suspicious file system activity (in particular unexpected symbolic links, junctions or other reparse points under synced paths) and for unexpected privilege escalation.
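The following PowerShell script is an added example for checking a registered server against the affected ranges above; it is not code from the advisory or from Microsoft. It assumes the agent registers an uninstall entry whose DisplayName contains "Storage Sync Agent" (the name shown in Programs and Features); the function names Test-AfsAffectedVersion and Get-AfsAgentVersion and the sample version list are ours.

```powershell
# Added example (not from the advisory or from Microsoft): decide whether an
# Azure File Sync agent version falls in the ranges CVE-2024-21397 lists as
# affected, then look up the locally installed agent and report.
# Assumption: the agent's uninstall entry has a DisplayName containing
# "Storage Sync Agent" and a DisplayVersion in dotted form.

function Test-AfsAffectedVersion {
    param([Parameter(Mandatory)][version]$Version)

    # Affected per the advisory: 14.0.0.0 <= v < 16.2.0.0, plus exactly 17.0.0.0.
    $inOldRange = ($Version -ge [version]'14.0.0.0') -and ($Version -lt [version]'16.2.0.0')
    $is17Zero   = ($Version -eq [version]'17.0.0.0')
    return ($inOldRange -or $is17Zero)
}

function Get-AfsAgentVersion {
    # Check both the native and the WOW6432Node uninstall hives.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    $entry = Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Storage Sync Agent*' -and $_.DisplayVersion } |
        Select-Object -First 1
    if (-not $entry) { return $null }
    return [version]$entry.DisplayVersion
}

# Constructed sample versions: boundaries of each affected range, so the
# comparison logic can be eyeballed before it is trusted on a real server.
$samples = '13.1.0.0', '14.0.0.0', '16.1.9.0', '16.2.0.0', '17.0.0.0', '17.1.0.0'
foreach ($s in $samples) {
    '{0,-10} affected={1}' -f $s, (Test-AfsAffectedVersion -Version ([version]$s))
}

$installed = Get-AfsAgentVersion
if ($null -eq $installed) {
    Write-Output 'Azure File Sync agent not found in the uninstall registry.'
} elseif (Test-AfsAffectedVersion -Version $installed) {
    Write-Warning "Installed agent $installed is in an affected range for CVE-2024-21397; update it."
} else {
    Write-Output "Installed agent $installed is outside the affected ranges."
}
```

Run it in an elevated PowerShell session on each server registered with a Storage Sync Service. If the registry lookup returns nothing on your build, confirm the agent version in Programs and Features or in the Azure portal's registered servers view and pass it to Test-AfsAffectedVersion directly.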
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L (base score 5.3, Medium)
NVD published the first details for CVE-2024-21397.
Feedly found the first article mentioning CVE-2024-21397.
Feedly estimated the CVSS score as MEDIUM.
EPSS Score was set to 0.04% (Percentile: 6.7%).