Skip to main content

Azure Site Recovery CVE-2024-21364

CRITICAL
Improper Access Control (CWE-284)
2024-02-13 secure@microsoft.com
9.3
CVSS 3.1 · Vendor: microsoft
Share

Severity by source

Vendor (microsoft) PRIMARY
9.3 CRITICAL
AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Primary rating from Vendor (microsoft) · only source for this CVE.

CVSS VectorVendor: microsoft

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Feb 13, 2024 - 18:15 cve.org
CRITICAL 9.3

DescriptionCVE.org

Microsoft Azure Site Recovery Elevation of Privilege Vulnerability

AnalysisAI

Microsoft Azure Site Recovery Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.3), this vulnerability is no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-284. Microsoft Azure Site Recovery Elevation of Privilege Vulnerability Affected products include: Microsoft Azure Site Recovery.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2022-35802 HIGH
8.1 Aug 09

Azure Site Recovery Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely

CVE-2022-24469 HIGH
8.1 Mar 09

Azure Site Recovery Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely

CVE-2022-35824 HIGH
7.2 Aug 09

Azure Site Recovery Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely

CVE-2022-33678 HIGH
7.2 Jul 12

Azure Site Recovery Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely

CVE-2022-33677 HIGH
7.2 Jul 12

Azure Site Recovery Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely

CVE-2022-33676 HIGH
7.2 Jul 12

Azure Site Recovery Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely

CVE-2022-26898 HIGH
7.2 Apr 15

Azure Site Recovery Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely

CVE-2022-24520 HIGH
7.2 Mar 09

Azure Site Recovery Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely

CVE-2022-24517 HIGH
7.2 Mar 09

Azure Site Recovery Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely

CVE-2022-24471 HIGH
7.2 Mar 09

Azure Site Recovery Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely

CVE-2022-24470 HIGH
7.2 Mar 09

Azure Site Recovery Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely

CVE-2022-24468 HIGH
7.2 Mar 09

Azure Site Recovery Remote Code Execution Vulnerability. Rated high severity (CVSS 7.2), this vulnerability is remotely

Share

CVE-2024-21364 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy