CVE-2024-43469

Summary

Azure CycleCloud Remote Code Execution Vulnerability

Affected Software

VendorProductVersion RangeStatus
MicrosoftAzure CycleCloud 8.2.08.2.0 < 8.6.4affected
MicrosoftAzure CycleCloud 8.0.08.0.0 < 8.6.4affected
MicrosoftAzure CycleCloud 8.6.08.6.0 < 8.6.4affected
MicrosoftAzure CycleCloud 8.0.18.0.0 < 8.6.4affected
MicrosoftAzure CycleCloud 8.0.28.0.0 < 8.6.4affected
MicrosoftAzure CycleCloud 8.1.08.1.0 < 8.6.4affected
MicrosoftAzure CycleCloud 8.1.18.1.0 < 8.6.4affected
MicrosoftAzure CycleCloud 8.2.28.2.0 < 8.6.4affected
MicrosoftAzure CycleCloud 8.2.18.2.0 < 8.6.4affected
MicrosoftAzure CycleCloud 8.3.08.3.0 < 8.6.4affected
MicrosoftAzure CycleCloud 8.4.08.4.0 < 8.6.4affected
MicrosoftAzure CycleCloud 8.4.18.4.0 < 8.6.4affected
MicrosoftAzure CycleCloud 8.4.28.4.0 < 8.6.4affected
MicrosoftAzure CycleCloud 8.5.08.5.0 < 8.6.4affected
MicrosoftAzure CycleCloud8.6.0 < 8.6.4affected
MicrosoftAzure CycleCloud8.6.3 < 8.6.4affected

Weaknesses

  • CWE-94: CWE-94: Improper Control of Generation of Code ('Code Injection')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References