Remote code execution in Microsoft Azure Migrate
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-26193 |
| CWE-ID | CWE-285 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software |
Azure Migrate Client/Desktop applications / Other client software |
| Vendor | Microsoft |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Improper Authorization
EUVDB-ID: #VU88420
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-26193
CWE-ID:
CWE-285 - Improper Authorization
Exploit availability: No
DescriptionThe vulnerability allows a remote user to bypass authorization.
The vulnerability exists due to improper authorization checks in Azure Migrate. An administrator on the local network can execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAzure Migrate: All versions
CPE2.3 External linkshttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26193
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
