CVE-2024-21421: Azure SDK Spoofing Vulnerability

Overview

  • Severity: High (CVSS 7.5)
  • CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C
  • Category: Spoofing
  • Exploit Status: Not Exploited
  • Exploitation Likelihood: Less Likely
  • Patch Tuesday: 2024-Mar
  • Released: 2024-03-12
  • EPSS Score: 7.42% (percentile: 91.7%)

FAQ

What actions do customers need to take to protect themselves from this vulnerability?

Customers with deployments created prior to October 19, 2023 must manually upgrade azure-core to Azure Core Build 1.29.5 or higher to be protected. For more information, see https://azure.github.io/azure-sdk/releases/latest/index.html. Customers with deployments created after October 19, 2023 received the fix automatically and no action is needed.

Affected Products (1)

Azure

  • Azure SDK

Security Updates (1)

Acknowledgments

Chris Burr

Revision History

  • 2024-03-12: Information published.