PT-2024-4309 · Microsoft · Azure File Sync

3Wyeye5

Published

2024-06-11

Updated

2024-06-20

CVE-2024-35253

CVSS v3.1

4.4

Medium

Vector

AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Microsoft Azure File Sync (affected versions not specified)

Description The issue is related to an elevation of privilege vulnerability in Microsoft Azure File Sync. It involves incorrect handling of symbolic links before accessing a file, which could allow an attacker to bypass existing security restrictions and elevate their privileges.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

BDU:2024-04797

CVE-2024-35253

Affected Products

Azure File Sync

PT-2024-4309 · Microsoft · Azure File Sync

CVE-2024-35253

Weakness Enumeration

Related Identifiers

Affected Products

References · 5