प्लेटफ़ॉर्म
other
घटक
ipam
में ठीक किया गया
3.0.1
CVE-2024-21638 describes a critical authentication bypass vulnerability in Azure IPAM (≤ 3.0.0). This flaw allows attackers to impersonate privileged users, potentially gaining unauthorized access to sensitive data stored within the IPAM instance and, critically, to Azure resources. Microsoft has released version 3.0.0 to address this vulnerability, and immediate patching is strongly recommended.
The impact of CVE-2024-21638 is severe due to the potential for privilege escalation and data exfiltration. An attacker exploiting this vulnerability could impersonate an administrator within Azure IPAM, gaining access to IP address management data. More concerningly, the vulnerability could be leveraged to access underlying Azure resources, potentially leading to data breaches, service disruption, and unauthorized modifications to the Azure environment. While the service principal used by Azure IPAM is designed with limited permissions (Reader role at the root Management Group), the authentication bypass effectively circumvents these controls, allowing an attacker to act as a privileged user.
This vulnerability was publicly disclosed on January 10, 2024. The CVSS score of 9.1 (CRITICAL) reflects the high severity and ease of exploitation. There are currently no known public exploits, but the critical nature of the vulnerability and the potential for significant impact suggest a high probability of exploitation. It is not currently listed on the CISA KEV catalog.
Organizations heavily reliant on Azure IPAM for managing their IP address space are at significant risk. Environments with limited network segmentation or overly permissive user permissions within Azure IPAM are particularly vulnerable. Shared hosting environments utilizing Azure IPAM also face increased risk due to the potential for cross-tenant exploitation.
• windows / supply-chain: Monitor Azure IPAM logs for failed authentication attempts followed by successful logins from the same source IP address. Use PowerShell to check for unusual scheduled tasks or processes related to Azure IPAM.
Get-ScheduledTask | Where-Object {$_.TaskName -like "*AzureIPAM*"}• linux / server: Examine Azure IPAM logs for suspicious authentication patterns. Use journalctl to filter for authentication failures and successes.
journalctl -u azure-ipam -f | grep -i authentication• generic web: Monitor Azure IPAM endpoint access logs for unusual traffic patterns or requests from unauthorized IP addresses. Check response headers for unexpected content or errors.
disclosure
एक्सप्लॉइट स्थिति
EPSS
3.55% (88% शतमक)
CVSS वेक्टर
The primary mitigation for CVE-2024-21638 is to immediately upgrade Azure IPAM to version 3.0.0 or later. If upgrading is not immediately feasible, consider implementing stricter network segmentation to limit access to the Azure IPAM instance. Review and audit existing Azure IPAM user permissions to ensure least privilege principles are enforced. Monitor Azure IPAM logs for any suspicious activity, particularly authentication attempts from unexpected sources. While a WAF or proxy cannot directly prevent this authentication bypass, they can be configured to monitor for unusual traffic patterns associated with potential exploitation attempts.
Azure IPAM समाधान को संस्करण 3.0.0 या बाद के संस्करण में अपडेट करें। इस संस्करण में सुरक्षा सुधार शामिल है जो प्रमाणीकरण टोकन को सही ढंग से मान्य करता है, विशेषाधिकारों के उन्नयन को रोकता है। अपडेट के बारे में अधिक जानकारी के लिए Azure सुरक्षा सलाहकार देखें।
भेद्यता विश्लेषण और गंभीर अलर्ट सीधे आपके ईमेल में।
CVE-2024-21638 is a critical vulnerability in Azure IPAM (versions ≤ 3.0.0) that allows attackers to bypass authentication and impersonate privileged users, potentially accessing sensitive data and Azure resources.
If you are using Azure IPAM version 3.0.0 or earlier, you are potentially affected by this vulnerability. Immediate action is required to mitigate the risk.
The recommended fix is to upgrade Azure IPAM to version 3.0.0 or later. If upgrading is not immediately possible, implement stricter network segmentation and review user permissions.
While there are currently no known public exploits, the critical nature of the vulnerability suggests a high probability of exploitation. Continuous monitoring is essential.
Refer to the official Microsoft Security Update Guide for CVE-2024-21638: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21638
अपनी डिपेंडेंसी फ़ाइल अपलोड करें और तुरंत जानें कि यह CVE और अन्य आपको प्रभावित करती हैं या नहीं।