What is the severity of CVE-2024-21400?

CVE-2024-21400 is rated as an elevation of privilege vulnerability that could allow an attacker to perform unauthorized actions in Microsoft Azure Kubernetes Service Confidential Containers.

How do I fix CVE-2024-21400?

To fix CVE-2024-21400, update your Azure Kubernetes Service Confidential Containers and Azure CLI to the latest version recommended by Microsoft.

Is CVE-2024-21400 being actively exploited?

As of now, there have been no public reports indicating that CVE-2024-21400 is actively being exploited in the wild.

What impact could CVE-2024-21400 have on my environment?

If exploited, CVE-2024-21400 could lead to unauthorized access and execution of malicious activities within your Azure Kubernetes Service environment.

Vulnerability/
CVE-2024-21400

critical

CWE

119 79 89 20 94 22

EPSS

0.091%

12/3/2024

31/12/2024

CVE-2024-21400: Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

Q: What versions of Azure Kubernetes Service are affected by CVE-2024-21400?

CVE-2024-21400 affects versions of Azure Kubernetes Service Confidential Containers prior to the applied security updates.

First published: Tue Mar 12 2024(Updated: )

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability

Credit: secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft Azure Kubernetes Service Confidential Containers		fix available externally
Microsoft Confidental Containers Azure Cli	<0.3.3

Remedy

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21400

Never miss a vulnerability like this again

Reference Links

Peer vulnerabilities

(Found alongside the following vulnerabilities)

Frequently Asked Questions

What is the severity of CVE-2024-21400?
CVE-2024-21400 is rated as an elevation of privilege vulnerability that could allow an attacker to perform unauthorized actions in Microsoft Azure Kubernetes Service Confidential Containers.
How do I fix CVE-2024-21400?
To fix CVE-2024-21400, update your Azure Kubernetes Service Confidential Containers and Azure CLI to the latest version recommended by Microsoft.
What versions of Azure Kubernetes Service are affected by CVE-2024-21400?
CVE-2024-21400 affects versions of Azure Kubernetes Service Confidential Containers prior to the applied security updates.
Is CVE-2024-21400 being actively exploited?
As of now, there have been no public reports indicating that CVE-2024-21400 is actively being exploited in the wild.
What impact could CVE-2024-21400 have on my environment?
If exploited, CVE-2024-21400 could lead to unauthorized access and execution of malicious activities within your Azure Kubernetes Service environment.

agent/title
agent/type
collector/msrc-cve
source/Microsoft
agent/first-publish-date
agent/description
agent/software-canonical-lookup
collector/msrc
agent/author
collector/the-register
source/The Register
alias/CVE-2024-21407
alias/CVE-2024-21408
alias/CVE-2024-21334
alias/CVE-2024-21400
alias/CVE-2023-32666
alias/CVE-2023-32282
alias/CVE-2024-2193
alias/CVE-2023-20214
alias/CVE-2024-20337
alias/CVE-2024-0039
alias/CVE-2024-23717
alias/CVE-2023-42789
alias/CVE-2023-42790
alias/CVE-2023-48788
alias/CVE-2023-47534
alias/CVE-2023-36554
alias/CVE-2024-23112
alias/CVE-2023-46717
agent/references
agent/news-ai
agent/severity
collector/epss-latest
source/FIRST
agent/epss
agent/weakness
agent/remedy
collector/nvd-api
source/NVD
agent/software-canonical-lookup-request
agent/softwarecombine
agent/event
agent/trending
agent/tags
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
vendor/microsoft
canonical/microsoft azure kubernetes service confidential containers
canonical/microsoft confidental containers azure cli