CVE-2024-38092
Published: 2024-07-09
CVE-2024-38092: Azure CycleCloud Elevation of Privilege Vulnerability
Priority: P3 · 52 · high · 8.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.63% (73.2th percentile)
Azure CycleCloud Elevation of Privilege Vulnerability
Affected
48 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | azure_cyclecloud | 7.9.0 – 7.9.11 | — |
| microsoft | azure_cyclecloud | 8.0.0 – 8.6.0 | — |
| microsoft | azure_cyclecloud_7.9.0 | >= 7.9.0 < 8.6.2 | 8.6.2 |
| microsoft | azure_cyclecloud_7.9.1 | >= 7.9.1 < 8.6.2 | 8.6.2 |
| microsoft | azure_cyclecloud_7.9.10 | >= 7.9.10 < 8.6.2 | 8.6.2 |
| microsoft | azure_cyclecloud_7.9.10 | >= 7.9.5 < 8.6.2 | 8.6.2 |
| microsoft | azure_cyclecloud_7.9.11 | >= 7.9.11 < 8.6.2 | 8.6.2 |
| microsoft | azure_cyclecloud_7.9.2 | >= 7.9.2 < 8.6.2 | 8.6.2 |
| microsoft | azure_cyclecloud_7.9.3 | >= 7.9.3 < 8.6.2 | 8.6.2 |
| microsoft | azure_cyclecloud_7.9.4 | >= 7.9.4 < 8.6.2 | 8.6.2 |
| microsoft | azure_cyclecloud_7.9.6 | >= 7.9.6 < 8.6.2 | 8.6.2 |
| microsoft | azure_cyclecloud_7.9.7 | >= 7.9.7 < 8.6.2 | 8.6.2 |
| microsoft | azure_cyclecloud_7.9.8 | >= 7.8.9 < 8.6.2 | 8.6.2 |
| microsoft | azure_cyclecloud_7.9.9 | >= 7.9.9 < 8.6.2 | 8.6.2 |
| microsoft | azure_cyclecloud_8.0.0 | >= 8.0.0 < 8.6.2 | 8.6.2 |
| microsoft | azure_cyclecloud_8.0.1 | >= 8.0.0 < 8.6.2 | 8.6.2 |
| microsoft | azure_cyclecloud_8.0.2 | >= 8.0.0 < 8.6.2 | 8.6.2 |
| microsoft | azure_cyclecloud_8.1.0 | >= 8.1.0 < 8.6.2 | 8.6.2 |
| microsoft | azure_cyclecloud_8.1.1 | >= 8.1.0 < 8.6.2 | 8.6.2 |
| microsoft | azure_cyclecloud_8.2.0 | >= 8.2.0 < 8.6.2 | 8.6.2 |
| microsoft | azure_cyclecloud_8.2.1 | >= 8.2.0 < 8.6.2 | 8.6.2 |
| microsoft | azure_cyclecloud_8.2.2 | >= 8.2.0 < 8.6.2 | 8.6.2 |
| microsoft | azure_cyclecloud_8.3.0 | >= 8.3.0 < 8.6.2 | 8.6.2 |
| microsoft | azure_cyclecloud_8.4.0 | >= 8.4.0 < 8.6.2 | 8.6.2 |
| microsoft | azure_cyclecloud_8.4.1 | >= 8.4.0 < 8.6.2 | 8.6.2 |
CVSS provenance
nvd · v3.1 · 8.8 · HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_msrc · 8.8 · HIGH
GHSA
GHSA-pp98-wjf6-6x98: Azure CycleCloud Elevation of Privilege Vulnerability
ghsa_unreviewed·2024-07-09
CVE-2024-38092 [HIGH] CWE-693 GHSA-pp98-wjf6-6x98: Azure CycleCloud Elevation of Privilege Vulnerability
Azure CycleCloud Elevation of Privilege Vulnerability
Microsoft
Azure CycleCloud Elevation of Privilege Vulnerability
vendor_msrc·2024-07-09·CVSS 8.8
CVE-2024-38092 [HIGH] CWE-693 Azure CycleCloud Elevation of Privilege Vulnerability
Azure CycleCloud Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability?
The attacker who successfully exploited the vulnerability could elevate privileges to the Administrator role in the vulnerable Azure CycleCloud instance.
FAQ: According to the CVSS metric, privileges required is Low (PR:L). What does that mean for this vulnerability?
To exploit this vulnerability an attacker must have an account with the User role assigned.
FAQ: What actions do customers need to take to protect themselves from this vulnerability?
Azure CycleCloud versions 7.9.0 - 7.9.11 were retired on 30 September, 2023 as documented here: CycleCloud 7 Retirement Guide. Customers with existing CycleCloud deployments using versions 7.9.0
No detection rules found.
No public exploits indexed.
Trendmicro
The July 2024 Security Update Review
blogs_trendmicro·2024-07-09
The July 2024 Security Update Review
## The July 2024 Security Update Review
Get the July 2024 security update and review.
By: Dustin Childs, 2024/07/09
We’re just past the halfway point of 2024, and as expected, Microsoft and Adobe have released their regularly scheduled updates. Take a break from your regular activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here:
Adobe Patches for July 2024
For July, Adobe released three patches addressing seven CVEs in Adobe Premiere Pro, InDesign, and Adobe Bridge. The patch for InDesign is the largest, fixing four Critical-rated CVEs. All four could lead to arbitrary code execution. The fix for Premiere Pro fixes a single CVE
Published: 2024-07-09