Privilege escalation in Azure Managed Instance for Apache Cassandra
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2024-38175 |
| CWE-ID | CWE-284 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Azure Managed Instance for Apache Cassandra Server applications / Other server solutions |
| Vendor | Microsoft |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Improper access control
EUVDB-ID: #VU96455
Risk: Medium
CVSSv4.0: 5.2 [CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-38175
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to improper access restrictions. A remote authenticated user with permissions to deploy User Defined Functions (UDF) in an Azure Managed Instance for Apache Cassandra cluster can send specially crafted requests to the underlying host and extract credentials for managed identities of other clusters on the same host node.
The compromised credentials enable the attacker to impersonate the victim's managed identity and retrieve information from other clusters hosted on the node which could be outside of the attacker's tenant.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAzure Managed Instance for Apache Cassandra: before 5.0
CPE2.3 External linkshttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38175
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
