Improper Link Resolution Before File Access ('Link Following') (CWE-59)
Azure Monitor Agent contains an Elevation of Privilege vulnerability caused by improper link resolution before file access, also known as 'link following' (CWE-59). The vulnerability affects the Azure Monitor Agent product.
This vulnerability allows an attacker with low privileges to potentially escalate their privileges on the system. The impact is severe, with high integrity and availability impacts, while confidentiality is not directly affected. The attack vector is local, requiring the attacker to have prior access to the system. No user interaction is needed for exploitation, and the attack complexity is low. The scope is changed, indicating that the vulnerability may affect resources beyond its security context.
There is no evidence that a public proof-of-concept exists. There is no evidence of exploitation in the wild at the moment.
A patch is available. Microsoft released an update to address this vulnerability on April 9, 2024.
1. Apply the security update provided by Microsoft as soon as possible.
2. Limit local access to systems running Azure Monitor Agent to trusted users only.
3. Monitor for any suspicious local activities or unexpected privilege escalations.
4. Implement the principle of least privilege for all user accounts and services.
5. Regularly audit file permissions and symbolic links on systems running Azure Monitor Agent.
6. Consider implementing additional access controls and monitoring solutions to detect potential exploitation attempts.
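As an added example for mitigation step 5 (not code from the advisory or from Microsoft), the script below audits a directory tree for the two symlink conditions that make CWE-59 link following exploitable by a low-privileged local user: links that resolve outside the audited root, and links sitting in a directory that others can write to without the sticky bit. The sample tree it builds is constructed for the demonstration and assumes a POSIX filesystem; the paths are not from a real agent installation.

```python
import os
import stat
import tempfile


def audit_symlinks(root: str) -> list[dict]:
    """Walk `root` without following links and flag symlinks a privileged
    process could follow unsafely (the CWE-59 preconditions covered here):
      - 'escapes_root'    : the link resolves to a path outside `root`
      - 'writable_parent' : the link's directory is writable by others and
                            lacks the sticky bit, so anyone can swap the link
    Link paths in the result are relative to `root` so findings are stable."""
    root_real = os.path.realpath(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        parent_mode = os.lstat(dirpath).st_mode
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)  # resolves even if the target is missing
            reasons = []
            if os.path.commonpath([root_real, target]) != root_real:
                reasons.append("escapes_root")
            if parent_mode & stat.S_IWOTH and not parent_mode & stat.S_ISVTX:
                reasons.append("writable_parent")
            if reasons:
                findings.append({"link": os.path.relpath(path, root),
                                 "target": target, "reasons": reasons})
    return sorted(findings, key=lambda f: f["link"])


def build_demo_tree() -> tuple[str, list[dict]]:
    """Constructed sample tree (not a real agent install); returns (root, findings)."""
    root = os.path.join(tempfile.mkdtemp(prefix="cwe59-demo-"), "agent-state")
    logs, drop = os.path.join(root, "logs"), os.path.join(root, "drop")
    os.makedirs(logs, mode=0o755)
    os.makedirs(drop, mode=0o755)
    os.chmod(root, 0o755)
    os.symlink("logs", os.path.join(root, "current"))           # benign: stays inside root
    os.symlink("/etc/shadow", os.path.join(logs, "agent.log"))  # escapes the tree (target is never touched)
    os.chmod(drop, 0o777)                                         # world-writable, no sticky bit
    os.symlink("../logs", os.path.join(drop, "out"))            # inside root, but swappable by anyone
    return root, audit_symlinks(root)


if __name__ == "__main__":
    for finding in build_demo_tree()[1]:
        print(finding)
```

Point `audit_symlinks` at the agent's state and log directories on a host you administer; a clean run returns an empty list.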
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H
A CVSS base score of 8.4 has been assigned.
NVD published the first details for CVE-2024-29989
Feedly found the first article mentioning CVE-2024-29989.
EPSS Score was set to: 0% (Percentile: 8%)
EPSS Score was set to: 0.04% (Percentile: 7.9%)