Home > Vulnerability Database > CVE-2024-21638

Mend.io Vulnerability Database

CVE-2024-21638

Good to know:

Date: January 10, 2024

Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design there is no write access to customers' Azure environments as the Service Principal used is only assigned the Reader role at the root Management Group level. Until recently, the solution lacked the validation of the passed in authentication token which may result in attacker impersonating any privileged user to access data stored within the IPAM instance and subsequently from Azure, causing an elevation of privilege. This vulnerability has been patched in version 3.0.0.

Language: Python

Severity Score

9.8

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-21638

Url: https://github.com/Azure/ipam/commit/64ef2d07edf16ffa50f29c7e0e25d32d974b367f

Url: https://github.com/Azure/ipam/security/advisories/GHSA-m8mp-jq4c-g8j6

Url: https://github.com/Azure/ipam/pull/218

Url: https://www.mend.io/vulnerability-database/CVE-2024-21638

Severity Score

9.8

Weakness Type (CWE)

Authentication Issues

CWE-287

Improper Privilege Management

CWE-269

Top Fix

Upgrade Version

Upgrade to version 3.0.0

Learn More

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-21638

Good to know:

Date: January 10, 2024

Language: Python

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?