CVE-2024-43480: Azure Service Fabric for Linux Remote Code Execution Vulnerability

Overview

Severity

Medium (CVSS 6.6)

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

Category

Remote Code Execution

Exploit Status

Not Exploited

Exploitation Likelihood

Less Likely

Patch Tuesday

2024-Oct

Released

2024-10-08

EPSS Score

0.28% (percentile: 51.3%)

FAQ

According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? An attacker is required to compromise the credential of a victim who has been assigned the role of “Cluster Admin” or “Cluster Operator” by an administrator prior to attempting to exploit the vulnerability. According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires the attacker or targeted user to have specific elevated privileges. Only users with roles “Cluster Admin” and “Cluster Operator” can access this.

Affected Products (3)

Azure

• Azure Service Fabric 9.1 for Linux
• Azure Service Fabric 10.0 for Linux
• Azure Service Fabric 10.1 for Linux

Security Updates (1)

• Release Notes

Acknowledgments

Anonymous

Revision History

• 2024-10-08: Information published.