CVE-2024-38195

Summary

Azure CycleCloud Remote Code Execution Vulnerability

Affected Software

VendorProductVersion RangeStatus
MicrosoftAzure CycleCloud 8.2.08.2.0 < 8.6.3affected
MicrosoftAzure CycleCloud 8.0.08.0.0 < 8.6.3affected
MicrosoftAzure CycleCloud 8.6.08.6.0 < 8.6.3affected
MicrosoftAzure CycleCloud 8.0.18.0.0 < 8.6.3affected
MicrosoftAzure CycleCloud 8.0.28.0.0 < 8.6.3affected
MicrosoftAzure CycleCloud 8.1.08.1.0 < 8.6.3affected
MicrosoftAzure CycleCloud 8.1.18.1.0 < 8.6.3affected
MicrosoftAzure CycleCloud 8.2.28.2.0 < 8.6.3affected
MicrosoftAzure CycleCloud 8.2.18.2.0 < 8.6.3affected
MicrosoftAzure CycleCloud 8.3.08.3.0 < 8.6.3affected
MicrosoftAzure CycleCloud 8.4.08.4.0 < 8.6.3affected
MicrosoftAzure CycleCloud 8.4.18.4.0 < 8.6.3affected
MicrosoftAzure CycleCloud 8.4.28.4.0 < 8.6.3affected
MicrosoftAzure CycleCloud 8.5.08.5.0 < 8.6.3affected
MicrosoftAzure CycleCloud8.6.0 < 8.6.3affected

Weaknesses

  • CWE-284: CWE-284: Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References