Severity by source
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Adjacent MITM position (AV:A) with no auth or interaction; improper cert validation grants full agent-context compromise, giving high C/I/A within an unchanged scope.
Primary rating from Vendor (microsoft).
CVSS VectorVendor: microsoft
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Improper certificate validation in Azure Monitor Agent allows an unauthorized attacker to elevate privileges over an adjacent network.
AnalysisAI
Privilege escalation in Microsoft's Azure Monitor Agent (specifically the Metrics Extension) lets an unauthenticated attacker on an adjacent network gain elevated privileges by exploiting improper TLS certificate validation (CWE-295). Because the agent fails to properly verify the certificate of the endpoint it communicates with, an attacker positioned on the same broadcast/logical network segment can impersonate a trusted server and hijack the agent's privileged context, yielding high confidentiality, integrity, and availability impact. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires the attacker to be on an adjacent network (AV:A) - the same local/broadcast segment or logical subnet as a host running the Azure Monitor Agent Metrics Extension - typically achieved by first compromising a neighboring VM or device; it cannot be performed from an arbitrary remote internet location. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, score 8.8) indicates a low-complexity, unauthenticated attack with no user interaction but requiring adjacency - the attacker must be on the same local/adjacent network segment rather than reaching the target across the open internet, which meaningfully narrows the realistic attacker population. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who has already compromised a virtual machine or device on the same subnet as a target host running Azure Monitor Agent positions themselves as a man-in-the-middle and presents a forged or invalid certificate that the Metrics Extension fails to reject. The agent trusts the impersonated endpoint, allowing the attacker to inject malicious responses/data into the privileged agent process and elevate privileges on the target. … |
| Remediation | Patch available per vendor advisory - apply the updated Azure Monitor Agent Metrics Extension released by Microsoft as tracked in the MSRC update guide (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47632); the exact fixed version is not stated in the provided data, so obtain it from that advisory. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, identify all systems running Azure Monitor Agent Metrics Extension through deployment inventory and assess network segmentation to isolate monitor agents from untrusted networks. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-295 – Improper Certificate Validation
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43792
GHSA-hhxq-vhpq-pjf3