Microsoft Azure File Sync Elevation of Privilege Vulnerability - CVE-2024-21397ID: oval:org.secpod.oval:def:97968 | Date: (C)2024-02-14 (M)2024-04-17 |
Class: VULNERABILITY | Family: windows |
The host is installed with Azure File Sync Agent 4.x before 16.2.0 or 17.x before 17.1 and is prone to an elevation of privilege vulnerability. A flaw is present in the applications which fails to properly handle unspecified vectors. Successful exploitation allows attackers to create new files in directories they do not normally have access to.
Platform: |
Microsoft Windows Server 2022 |
Microsoft Windows Server 2016 |
Microsoft Windows Server 2019 |
Microsoft Windows Server 2012 R2 |
Product: |
Azure File Sync Agent |