10 matches found
CVE-2024-21329
CVE-2024-21329 affects Microsoft Azure Connected Machine Agent. Connected docs identify an elevation-of-privilege issue in the Azure Connected Machine Agent (root cause described by PT-2024-1823 as a symbolic link tracking vulnerability). CVSS indicates local access with low attack complexity and...
CVE-2024-38162
CVE-2024-38162 concerns the Azure Connected Machine Agent with an Elevation of Privilege vulnerability. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates a local-exploit, low-privilege requirement leading to high impact on confidentiality, integrity, and availability. Multiple s...
CVE-2024-38098
CVE-2024-38098 (Azure Connected Machine Agent Elevation of Privilege) affects the Azure Connected Machine Agent. Reported CVSSv3.1 base score 7.8 (LOCAL, LOW Privileges, NONE user interaction; Confidentiality/Integrity/Availability HIGH). Connected documents indicate an elevation-of-privilege fla...
CVE-2023-35624
Azure Connected Machine Agent contains an Elevation of Privilege vulnerability (CVE-2023-35624). Affected: Azure Connected Machine Agent on Windows. Root cause: insufficient access control enabling a local attacker with LOW privileges and user interaction to escalate to HIGH privileges (CVSSv3.1:...
CVE-2026-40381
CVE-2026-40381: Improper access control in the Azure Connected Machine Agent enables a locally authenticated attacker to elevate privileges. The vulnerability affects the Azure Connected Machine Agent; attacker must have local access and low privileges, with no user interaction required. The CVSS...
CVE-2025-49692
CVE-2025-49692 describes an elevation of privilege vulnerability in the Azure Connected Machine Agent (Azure Windows Virtual Machine Agent). The issue is due to improper access control, allowing an authorized attacker with local access and low user interaction to gain total impact (high confident...
CVE-2026-21224
CVE-2026-21224 is a stack-based buffer overflow in the Microsoft Azure Connected Machine Agent that permits an authorized local attacker to elevate privileges on the host. The vulnerability is tied to the Azure Connected Machine Agent, with a CVSS v3.1 base score of 7.8 (HIGH) and LOCAL, LOW-Comp...
CVE-2025-55316
CVE-2025-55316 is an elevation-of-privilege vulnerability in Microsoft Azure Arc/Azure Connected Machine Agent. External control of a file name or path is the root cause, enabling an authorized local attacker to obtain higher privileges on the affected host. The CVE is reflected in multiple feeds...
CVE-2025-47989
Azure Connected Machine Agent suffers an improper access control flaw that allows an authorized, locally situated attacker to elevate privileges. Affected component: Azure Connected Machine Agent; root cause is access-control misimplementation. Impact per CVSS indicates high confidentiality, inte...
CVE-2025-58724
CVE-2025-58724 : Affects Azure Connected Machine Agent. Description confirms an improper access control flaw that enables an authorized local attacker to escalate privileges. CVSS v3.1/3.1 base score 7.8 (HIGH) with local, low complexity, and no user interaction requirements; impact on confidenti...