CVE-2024-21638
AZURE IPAM UP TO 2.X PRIVILEGES MANAGEMENT
DESCRIPTION
CCVE-2024-21638 is a critical vulnerability discovered in Azure IPAM (IP Address Management) up to version 2.x. The vulnerability affects certain unspecified processes and is categorized as critical. The main issue stems from improper privilege management.
Azure IPAM is a lightweight solution built on the Azure platform designed to assist Azure customers in managing their IP address spaces easily and effectively. By design, there is no write access to the customer's Azure environment because the Service Principal used is only granted the Reader role at the top-level Management Group. However, previously, the solution lacked validation of the passed authentication token, which could allow attackers to impersonate high-privileged users to access data stored within the IPAM instance and subsequently from Azure, leading to elevation of privilege.
The vulnerability is identified as CVE-2024-21638. Attacks can be initiated remotely. This CVE has a CVSS3.1 score of 9.1 and a very high base severity level of CRITICAL.
Base Score: 9.1 (CRITICAL) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
AFFECTED SYSTEMS
In the context of Azure IPAM up to version 2.x, this vulnerability may affect all systems or instances running that version of the software.
VULNERABILITY IMPACT
The vulnerability CVE-2024-21638 has the potential to have serious impacts on the security of systems and data managed using Azure IPAM up to version 2.x. Some potential impacts that may occur due to this vulnerability include:
• Elevation of Privilege: Attackers can exploit this vulnerability to gain higher privileges than they should have. By impersonating users with high privileges, attackers may attempt actions they should not, such as accessing or modifying protected data.
• Unauthorized Access to Data: Since this vulnerability can allow attackers to impersonate users with high privileges, there is a potential for unauthorized access to data stored in the IPAM instance and possibly related data in Azure. This could include sensitive information, network configurations, and other data that should only be accessible to authorized parties.
• Remote Exploitation Potential: The vulnerability can be exploited remotely, meaning attackers do not need to be in the same physical network as the affected system. This increases the security risk as it allows attackers to exploit the vulnerability without requiring direct access to the physical system.
RECOMMENDATIONS
The vulnerability has been addressed in version 3.0.0 of Azure IPAM. The identification for this vulnerability is CVE-2024-21638. Attacks can be initiated remotely.
Since this vulnerability has been identified and fixed, it is highly recommended to promptly update to the latest version (3.0.0) to mitigate the potential exploitation of this vulnerability.