Описание
Azure Monitor Agent Elevation of Privilege Vulnerability
FAQ
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An authenticated attacker would be able to delete targeted files on a system which could result in them gaining SYSTEM privileges.
What actions do customers need to take to protect themselves from this vulnerability?
We released CVE-2024-30060 to help keep customers protected. Customers who have installed the latest updates, or have automatic updates enabled, are already protected. Customers who have disabled Automatic Extension Upgrades or would like to upgrade an extension immediately must manually update their Azure Monitor Agent to the latest version. For more information on how to perform a manual update, see Manage Azure Monitor Agent.
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
7.8 High
CVSS3
Связанные уязвимости
Azure Monitor Agent Elevation of Privilege Vulnerability
Azure Monitor Agent Elevation of Privilege Vulnerability
Уязвимость инструмента сбора данных с виртуальных машин (VM) и физических серверов Azure Monitor Agent, связанная с неверным определением ссылки перед доступом к файлу, позволяющая нарушителю повысить свои привилегии
EPSS
7.8 High
CVSS3