CVE-2024-43591

Improper Neutralization of Special Elements used in a Command ('Command Injection') (CWE-77)

Published: Oct 8, 2024

CVSS 8.7 (High) / EPSS 0.05%

Summary

Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability, a command injection weakness (CWE-77) in the Azure CLI. Two base scores have been assigned: 8.7 (High) by Microsoft, whose vector this page reproduces, and 9.1 by NVD eight days later (see Timeline). Under the vector shown here the attack vector is network, attack complexity is low, high privileges are required, no user interaction is needed, the scope is changed, and the impact is high on integrity and availability but none on confidentiality.

Impact

An attacker who already holds high privileges could use this flaw to reach a higher level of privilege through the Azure Command Line Integration (CLI) and, because the scope is rated as changed, to affect resources beyond the vulnerable component itself. Under the vector shown on this page that means unauthorized modification of configuration and data and disruption of services (integrity and availability rated High); the confidentiality impact is rated None here, while NVD's separate 9.1 assessment rates the flaw higher but its vector is not reproduced on this page. Note that the Azure CLI is a client tool that lives on administrator workstations and CI/CD agents, so the credentials and sessions held on those hosts define what an attacker can reach after exploitation.
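As an added illustration of the weakness class this entry is filed under (CWE-77), and not code from the Azure CLI nor a description of the undisclosed defect behind CVE-2024-43591, the following Python shows the injection pattern next to two hardened forms. The `echo` stand-in for a real tool, the `resource_group` parameter and the `INJECTED_VALUE` input are constructed for the example, which assumes a POSIX shell.

```python
"""Illustrative CWE-77 (command injection) pattern and its fix.

Generic added example of the weakness class named on this page. It is NOT
Azure CLI code and does not reproduce the defect behind CVE-2024-43591; the
names and inputs below are constructed for illustration.
"""
import shlex
import subprocess

# Constructed attacker-controlled value: a benign-looking argument followed
# by a shell metacharacter and a second command.
INJECTED_VALUE = "prod-rg; echo INJECTED"


def build_command_unsafe(resource_group: str) -> str:
    """CWE-77: untrusted input interpolated into a string handed to a shell.

    Any shell metacharacter in `resource_group` (;, &&, |, $(), backticks)
    is interpreted by the shell, so the one intended command becomes
    attacker-chosen commands.
    """
    # `echo` stands in for a real tool invocation so the example runs offline.
    return f"echo {resource_group}"


def run_unsafe(resource_group: str) -> str:
    """Runs the string through /bin/sh; this is the vulnerable path."""
    proc = subprocess.run(build_command_unsafe(resource_group),
                          shell=True, capture_output=True, text=True, check=False)
    return proc.stdout


def build_command_safe(resource_group: str) -> list:
    """Hardened form: an argv list, so no shell ever parses the input."""
    return ["echo", resource_group]


def run_safe(resource_group: str) -> str:
    """Executes without a shell; the input reaches the tool as one argument."""
    proc = subprocess.run(build_command_safe(resource_group),
                          shell=False, capture_output=True, text=True, check=False)
    return proc.stdout


def quote_for_shell(resource_group: str) -> str:
    """When a shell string is unavoidable, neutralize the input with shlex.quote."""
    return f"echo {shlex.quote(resource_group)}"


def run_quoted(resource_group: str) -> str:
    """Shell path with the input quoted; metacharacters are now literal."""
    proc = subprocess.run(quote_for_shell(resource_group),
                          shell=True, capture_output=True, text=True, check=False)
    return proc.stdout


if __name__ == "__main__":
    print("unsafe :", repr(run_unsafe(INJECTED_VALUE)))   # second command runs
    print("safe   :", repr(run_safe(INJECTED_VALUE)))     # literal argument echoed
    print("quoted :", repr(run_quoted(INJECTED_VALUE)))   # literal argument echoed
```

The argv form is the one to prefer: quoting only protects the single interpolation point it is applied to, whereas dropping the shell removes the parser that makes injection possible.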

Exploitation

There is no evidence that a public proof-of-concept exists, and no evidence of exploitation in the wild at the time of this entry.

Patch

A patch is available. Microsoft released the official fix on October 8, 2024. Versions of Azure CLI and Azure Service Connector prior to 2.65.0 are affected; 2.65.0 is the fixed release.

Mitigation

1. Apply the official fix as soon as possible by updating Azure CLI and Azure Service Connector to version 2.65.0 or later. Cover every host where the CLI is installed, in particular build agents and container images that pin an older az release.
2. Restrict network access to hosts running the Azure CLI to trusted networks and users only.
3. Apply the principle of least privilege so that users and processes hold only the permissions they need.
4. Monitor Azure CLI logs for suspicious activity or unauthorized elevation of privileges.
5. Keep the Azure CLI and related components current with the latest security patches.
6. Protect privileged accounts with multi-factor authentication and robust access controls.
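An added example for step 1 (not Microsoft's code): a Python check that reads the JSON printed by `az version` and decides whether the installed `azure-cli` component is at or above 2.65.0, the fixed release named above. The sample JSON is constructed, and the function, constant and helper names are the example's own; it runs the real `az` only when one is on PATH.

```python
"""Decide whether an installed Azure CLI is at or above the fixed release.

Added example, not Microsoft's code. It parses the JSON that `az version`
prints and compares the "azure-cli" component against 2.65.0, the version
this advisory names as fixed. The sample output below is constructed.
"""
import json
import re
import shutil
import subprocess
from typing import Optional, Tuple

FIXED_VERSION = "2.65.0"  # fixed release per the advisory on this page

# Constructed sample in the shape `az version --output json` prints.
SAMPLE_AZ_VERSION_OLD = """{
  "azure-cli": "2.64.0",
  "azure-cli-core": "2.64.0",
  "azure-cli-telemetry": "1.1.0",
  "extensions": {}
}"""


def parse_version(v: str) -> Tuple[Tuple[int, ...], bool]:
    """'2.65.0' -> ((2, 65, 0), False); '2.65.0b1' -> ((2, 65, 0), True).

    The flag marks a pre-release suffix. Such builds are treated as older
    than the bare tag so a dev build is never mistaken for the fixed release.
    """
    nums, prerelease = [], False
    for part in v.strip().split("."):
        m = re.match(r"(\d+)(.*)", part)
        if not m:
            prerelease = True
            break
        nums.append(int(m.group(1)))
        if m.group(2):
            prerelease = True
            break
    return tuple(nums), prerelease


def is_patched(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True if `installed` is >= `fixed`, compared component by component."""
    inst, pre = parse_version(installed)
    fix, _ = parse_version(fixed)
    width = max(len(inst), len(fix))
    inst += (0,) * (width - len(inst))   # '2.65' compares as 2.65.0
    fix += (0,) * (width - len(fix))
    if inst != fix:
        return inst > fix
    return not pre


def cli_version_from_json(text: str) -> Optional[str]:
    """Pull the "azure-cli" entry out of `az version` output; None if absent."""
    try:
        v = json.loads(text).get("azure-cli")
    except (json.JSONDecodeError, AttributeError):
        return None
    return v if isinstance(v, str) else None


def installed_cli_is_patched() -> Optional[bool]:
    """Run the real `az version` when the CLI is on PATH; None if it is not."""
    if shutil.which("az") is None:
        return None
    proc = subprocess.run(["az", "version", "--output", "json"],
                          capture_output=True, text=True, check=False)
    v = cli_version_from_json(proc.stdout)
    return is_patched(v) if v else None


if __name__ == "__main__":
    sample = cli_version_from_json(SAMPLE_AZ_VERSION_OLD)
    print(f"sample azure-cli {sample}: patched={is_patched(sample)}")
    print(f"installed az: patched={installed_cli_is_patched()}")
```

On a host where the check fails, `az upgrade` updates the CLI in place; for pipeline images, rebuild from a base that ships 2.65.0 or later rather than upgrading at run time, otherwise every fresh job starts from the vulnerable version.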

CVSS 3.1 vector (Microsoft, base 8.7): CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C

Timeline

Oct 8, 2024 at 5:40 PM / microsoft: CVSS. A CVSS base score of 8.7 has been assigned.

Oct 8, 2024 at 5:55 PM / Zero Day Initiative - Blog: First Article. Feedly found the first article mentioning CVE-2024-43591.

Oct 8, 2024 at 6:15 PM: CVE Assignment. NVD published the first details for CVE-2024-43591.

Oct 8, 2024 at 6:33 PM: CVSS Estimate. Feedly estimated the CVSS score as HIGH.

Oct 9, 2024 at 10:29 AM: EPSS. EPSS Score was set to: 0.05% (Percentile: 16.6%).

Oct 16, 2024 at 9:50 PM / nvd: CVSS. A CVSS base score of 9.1 has been assigned.

Nov 19, 2024 at 2:42 AM: EPSS. EPSS Score was set to: 0.05% (Percentile: 17.4%).

Affected Systems

Microsoft/azure_cli

Patches

Microsoft

Attack Patterns

CAPEC-136: LDAP Injection

News

Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability
October 2024 – Microsoft patch tuesday highlights
Spoofing, Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, Security Feature Bypass, and Remote Code Execution (RCE) are among the vulnerabilities that Microsoft has addressed in various software products. Microsoft Configuration Manager Remote Code Execution Vulnerability
MS Family October 2024 Routine Security Update Advisory
Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
Microsoft Security Bulletin Coverage for October 2024
Microsoft’s October 2024 Patch Tuesday has 117 vulnerabilities, of which 42 are Remote Code Execution.SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of October 2024 and has produced coverage for 4 of the reported vulnerabilities. Microsoft tracks vulnerabilities that are being actively exploited at the time of discovery and those that have been disclosed publicly before the patch Tuesday release for each month.
Microsoft Release October 2024 Patch Tuesday Updates for Windows 11 and Windows 10
Microsoft addressed 117 vulnerabilities in the October 2024 Patch Tuesday update, including three rated critical and two actively exploited security flaws. Here’s the full list of CVEs released by Microsoft with the October 2024 Patch Tuesday updates:

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed
Confidentiality Impact: None
Integrity Impact: High
Availability Impact: High

