Azure Managed Instance for Apache Cassandra Elevation of Privilege Vu…

…lnerability - 20240822002
LSerki · Aug 22, 2024 · ed6d716 · ed6d716
1 parent 2a52534
commit ed6d716
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/...e-Managed-Instance-for-Apache-Cassandra-Elevation-of-Privilege-Vulnerability.md b/...e-Managed-Instance-for-Apache-Cassandra-Elevation-of-Privilege-Vulnerability.md
@@ -0,0 +1,18 @@
+# Azure Managed Instance for Apache Cassandra Elevation of Privilege Vulnerability - 20240822002
+
+## Overview
+
+Microsoft publishes critical advisory for Azure Managed Instance for Apache Cassandra Elevation of Privilege Vulnerability. An improper access control vulnerability in the Azure Managed Instance for Apache Cassandra allows an authenticated attacker to elevate privileges over a network.
+
+## What is vulnerable?
+
+| Product(s) Affected | Version(s) | CVE                                                                                                                                       | CVSS          | Severity                                                         |
+| ------------------- | ---------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ------------- | ---------------------------------------------------------------- |
+| Azure Managed Instance for Apache Cassandra     | clusters updated before 20th August 2024    | [CVE-2024-38175](https://www.cve.org/CVERecord?id=CVE-2024-38175)                                                                         | 9.6           | **Critical**                                     |
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of *one month...* (refer [Patch Management](../guidelines/patch-management.md)):
+
+- https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-38175
+