CVE-2024-38179 HIGH

CVE-2024-38179: Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability

Vendor Microsoft
Product Azure Stack HCI OS
Weakness CWE-862 · Missing authorization
Published October 8, 2024
Last update June 9, 2026
View on NVD All CVEs

CVSS base score

8.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C

What the vulnerability does

01Description

Azure Stack Hyperconverged Infrastructure (HCI) Elevation of Privilege Vulnerability

Key dates

02Disclosure timeline

October 8, 2024 CVE published
June 9, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-45399 Open WebUI: Low-privilege authenticated users can enumerate and stop global background tasks, causing system-wide chat disruption CVE-2024-32724 WordPress SharkDropship and Affiliate for AliExpress, eBay, Amazon, Etsy plugin <= 2.1.1 - Arbitrary Content Deletion vulnerability CVE-2025-31870 WordPress WP AutoKeyword plugin <= 1.0 - Arbitrary Content Deletion vulnerability CVE-2023-0447 My YouTube Channel <= 3.0.12.1 - Missing Authorization CVE-2024-24718 WordPress PropertyHive plugin <= 2.0.6 - Missing Authorization to Non-Arbitrary Plugin Installation vulnerability