CVE-2024-43602: Azure CycleCloud Remote Code Execution Vulnerability
Published: 2024-11-12
Priority: P266 · critical · 9.9 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 2.20% (80.3th percentile)
Affected
36 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | azure_cyclecloud | >= 8.0.0 < 8.6.5 | 8.6.5 |
| microsoft | azure_cyclecloud | >= 8.6.0 < 8.6.5 | 8.6.5 |
| microsoft | azure_cyclecloud | >= 8.6.3 < 8.6.5 | 8.6.5 |
| microsoft | azure_cyclecloud | >= 8.6.4 < 8.6.5 | 8.6.5 |
| microsoft | azure_cyclecloud_8.0.0 | >= 8.0.0 < 8.6.5 | 8.6.5 |
| microsoft | azure_cyclecloud_8.0.1 | >= 8.0.0 < 8.6.5 | 8.6.5 |
| microsoft | azure_cyclecloud_8.0.2 | >= 8.0.0 < 8.6.5 | 8.6.5 |
| microsoft | azure_cyclecloud_8.1.0 | >= 8.1.0 < 8.6.5 | 8.6.5 |
| microsoft | azure_cyclecloud_8.1.1 | >= 8.1.0 < 8.6.5 | 8.6.5 |
| microsoft | azure_cyclecloud_8.2.0 | >= 8.2.0 < 8.6.5 | 8.6.5 |
| microsoft | azure_cyclecloud_8.2.1 | >= 8.2.0 < 8.6.5 | 8.6.5 |
| microsoft | azure_cyclecloud_8.2.2 | >= 8.2.0 < 8.6.5 | 8.6.5 |
| microsoft | azure_cyclecloud_8.3.0 | >= 8.3.0 < 8.6.5 | 8.6.5 |
| microsoft | azure_cyclecloud_8.4.0 | >= 8.4.0 < 8.6.5 | 8.6.5 |
| microsoft | azure_cyclecloud_8.4.1 | >= 8.4.0 < 8.6.5 | 8.6.5 |
| microsoft | azure_cyclecloud_8.4.2 | >= 8.4.0 < 8.6.5 | 8.6.5 |
| microsoft | azure_cyclecloud_8.5.0 | >= 8.5.0 < 8.6.5 | 8.6.5 |
| microsoft | azure_cyclecloud_8.6.0 | >= 8.6.0 < 8.6.5 | 8.6.5 |
| msrc | azure_cyclecloud_8.0.0 | — | — |
| msrc | azure_cyclecloud_8.0.1 | — | — |
| msrc | azure_cyclecloud_8.0.2 | — | — |
| msrc | azure_cyclecloud_8.1.0 | — | — |
| msrc | azure_cyclecloud_8.1.1 | — | — |
| msrc | azure_cyclecloud_8.2.0 | — | — |
| msrc | azure_cyclecloud_8.2.1 | — | — |
Detection & IOCs (extracted from sources)
- Attacker with basic user permissions sends specially crafted requests to modify cluster configuration to gain Root level permissions
- Monitor for unexpected privilege escalation to root on Azure CycleCloud clusters, particularly originating from low-privileged user accounts
- Exploitation requires only basic user permissions — no elevated privileges needed to initiate the attack against Azure CycleCloud
- In some scenarios the attack can result in full administrator credential compromise, not just RCE on the targeted cluster
CVSS provenance
nvd · v3.1 · 9.9 · CRITICAL · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
vendor_msrc · 9.9 · CRITICAL
GHSA
GHSA-f3v6-qmvg-fhwg: Azure CycleCloud Remote Code Execution Vulnerability
ghsa_unreviewed·2024-11-12
CVE-2024-43602 [CRITICAL] CWE-285 GHSA-f3v6-qmvg-fhwg: Azure CycleCloud Remote Code Execution Vulnerability
Microsoft
Azure CycleCloud Remote Code Execution Vulnerability
vendor_msrc·2024-11-12·CVSS 9.9
CVE-2024-43602 [CRITICAL] CWE-285 Azure CycleCloud Remote Code Execution Vulnerability
FAQ: How could an attacker exploit this vulnerability?
An attacker with basic user permissions can send specially crafted requests to modify the configuration of an Azure CycleCloud cluster to gain Root level permissions enabling them to execute commands on any Azure CycleCloud cluster in the current instance and in some scenarios, compromise administrator credentials.
Azure CycleCloud: Azure CycleCloud
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely
Remediation: Release Notes
Reference: https://learn.microsoft.com/en-us/azure/cyclecloud/how-to/upgrade-and-migrate?view=cyclecloud-8
Reference: https
No detection rules found.
No public exploits indexed.
Talos
November Patch Tuesday release contains three critical remote code execution vulnerabilities
blogs_talos·2024-11-12·CVSS 9.8
CVE-2024-43639 [CRITICAL] November Patch Tuesday release contains three critical remote code execution vulnerabilities
The Patch Tuesday for November of 2024 includes 89 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”
Microsoft assessed that exploitation of the four “critical” vulnerabilities is “less likely.”
CVE-2024-43639 is a remote code execution vulnerability in Windows Kerberos that could be exploited by an attacker by creating a specially crafted application to leverage a vulnerable cryptographic protocol. While considered “critical,” it was determined that exploitation is “less likely” and has not been detected in the wild.
CVE-2024-43625 is a privilege escalation vulnerability in a VMSwitch driver, which is a networking component of Hyper-V. An attacker could exploit this by sending a specific series of network
Bleepingcomputer
Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws
blogs_bleepingcomputer·2024-11-12·CVSS 6.5
[MEDIUM] Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws
## Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws
## Lawrence Abrams
26 Elevation of Privilege vulnerabilities
2 Security Feature Bypass vulnerabilities
52 Remote Code Execution vulnerabilities
1 Information Disclosure vulnerability
4 Denial of Service vulnerabilities
3 Spoofing vulnerabilities
This count does not include two Edge flaws that were previously fixed on November 7th.
To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5046617 and KB5046633 cumulative updates and the Windows 10 KB5046613 update.
## Four zero-days disclosed
This month's Patch Tuesday fixes four zero-days, two of which were actively exploited in attacks, and three were publicly disclosed.
Microsoft classifies a
Tenable
Microsoft’s November 2024 Patch Tuesday Addresses 87 CVEs (CVE-2024-43451, CVE-2024-49039)
blogs_tenable·2024-11-12·CVSS 6.5
[MEDIUM] Microsoft’s November 2024 Patch Tuesday Addresses 87 CVEs (CVE-2024-43451, CVE-2024-49039)
Published: 2024-11-12