Description
Microsoft Azure File Sync Elevation of Privilege Vulnerability
FAQ
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker can create new files in directories they do not normally have access to. These files can only be created in directories where Azure File Sync is configured, which could include SYSTEM directories. However, the attacker would not gain privileges to read, modify, or delete files.
According to the CVSS metrics, successful exploitation of this vulnerability would not impact confidentiality (C:N), but would have a major impact on integrity (I:H) and have less impact on availability (A:L). What does that mean for this vulnerability?
An attacker who successfully exploited this vulnerability could affect integrity because they could create new files in system directories. Confidentiality is not affected by a successful attack, because the attacker cannot modify, delete, or read files. Successful exploitation could have some impact on availability because there could be some interruption to the availability of the file server.
Updates
| Product | Article | Update |
|---|---|---|
| Azure File Sync v17.0 | ||
| Azure File Sync v14.0 | ||
| Azure File Sync v15.0 | ||
| Azure File Sync v16.0 | ||
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
5.3 Medium
CVSS3
Related vulnerabilities
Microsoft Azure File Sync Elevation of Privilege Vulnerability
Microsoft Azure File Sync Elevation of Privilege Vulnerability
A vulnerability in the Microsoft Azure File Sync data synchronization service, related to access control flaws, that allows an attacker to bypass existing security restrictions and escalate their privileges