Lucene search
K
MicrosoftAzure Connected Machine Agent

10 matches found

CVE
CVE
added 2024/02/13 6:2 p.m.210 views

CVE-2024-21329

CVE-2024-21329 affects Microsoft Azure Connected Machine Agent. Connected docs identify an elevation-of-privilege issue in the Azure Connected Machine Agent (root cause described by PT-2024-1823 as a symbolic link tracking vulnerability). CVSS indicates local access with low attack complexity and...

7.3CVSS7.6AI score0.01088EPSS
CVE
CVE
added 2024/08/13 5:30 p.m.97 views

CVE-2024-38162

CVE-2024-38162 concerns the Azure Connected Machine Agent with an Elevation of Privilege vulnerability. The CVSS 3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates a local-exploit, low-privilege requirement leading to high impact on confidentiality, integrity, and availability. Multiple s...

7.8CVSS7.7AI score0.00513EPSS
CVE
CVE
added 2024/08/13 5:29 p.m.91 views

CVE-2024-38098

CVE-2024-38098 (Azure Connected Machine Agent Elevation of Privilege) affects the Azure Connected Machine Agent. Reported CVSSv3.1 base score 7.8 (LOCAL, LOW Privileges, NONE user interaction; Confidentiality/Integrity/Availability HIGH). Connected documents indicate an elevation-of-privilege fla...

7.8CVSS7.7AI score0.00632EPSS
CVE
CVE
added 2023/12/12 6:10 p.m.66 views

CVE-2023-35624

Azure Connected Machine Agent contains an Elevation of Privilege vulnerability (CVE-2023-35624). Affected: Azure Connected Machine Agent on Windows. Root cause: insufficient access control enabling a local attacker with LOW privileges and user interaction to escalate to HIGH privileges (CVSSv3.1:...

7.3CVSS7.3AI score0.00875EPSS
CVE
CVE
added 2026/05/12 4:59 p.m.45 views

CVE-2026-40381

CVE-2026-40381: Improper access control in the Azure Connected Machine Agent enables a locally authenticated attacker to elevate privileges. The vulnerability affects the Azure Connected Machine Agent; attacker must have local access and low privileges, with no user interaction required. The CVSS...

7.8CVSS5.8AI score0.00219EPSS
CVE
CVE
added 2025/09/09 5:1 p.m.42 views

CVE-2025-49692

CVE-2025-49692 describes an elevation of privilege vulnerability in the Azure Connected Machine Agent (Azure Windows Virtual Machine Agent). The issue is due to improper access control, allowing an authorized attacker with local access and low user interaction to gain total impact (high confident...

7.8CVSS6.4AI score0.00319EPSS
CVE
CVE
added 2026/01/13 5:56 p.m.36 views

CVE-2026-21224

CVE-2026-21224 is a stack-based buffer overflow in the Microsoft Azure Connected Machine Agent that permits an authorized local attacker to elevate privileges on the host. The vulnerability is tied to the Azure Connected Machine Agent, with a CVSS v3.1 base score of 7.8 (HIGH) and LOCAL, LOW-Comp...

7.8CVSS7AI score0.00304EPSS
CVE
CVE
added 2025/09/09 5:1 p.m.35 views

CVE-2025-55316

CVE-2025-55316 is an elevation-of-privilege vulnerability in Microsoft Azure Arc/Azure Connected Machine Agent. External control of a file name or path is the root cause, enabling an authorized local attacker to obtain higher privileges on the affected host. The CVE is reflected in multiple feeds...

7.8CVSS6.4AI score0.00333EPSS
CVE
CVE
added 2025/10/14 5:0 p.m.28 views

CVE-2025-47989

Azure Connected Machine Agent suffers an improper access control flaw that allows an authorized, locally situated attacker to elevate privileges. Affected component: Azure Connected Machine Agent; root cause is access-control misimplementation. Impact per CVSS indicates high confidentiality, inte...

7CVSS6.5AI score0.00514EPSS
CVE
CVE
added 2025/10/14 5:1 p.m.28 views

CVE-2025-58724

CVE-2025-58724 : Affects Azure Connected Machine Agent. Description confirms an improper access control flaw that enables an authorized local attacker to escalate privileges. CVSS v3.1/3.1 base score 7.8 (HIGH) with local, low complexity, and no user interaction requirements; impact on confidenti...

7.8CVSS6.5AI score0.00534EPSS