CVE-2024-20679: Azure Stack Hub Spoofing Vulnerability

Overview

Severity

Medium (CVSS 6.5)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C

Category

Spoofing

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2024-Feb

Released

2024-02-13

EPSS Score

0.53% (percentile: 67.4%)

FAQ

According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker.

Affected Products (1)

Azure

• Azure Stack Hub

Security Updates (1)

• Release Notes

Acknowledgments

Felix Boulet with Centre gouvernemental de cyberdéfense (CGCD)

Revision History

• 2024-02-13: Information published.