CVE-2024-43591: 
Azure CLI vulnerability analysis and mitigation

The Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability (CVE-2024-43591) was disclosed on October 8, 2024. This vulnerability affects Microsoft Azure CLI and Azure Service Connector versions prior to 2.65.0. The vulnerability has been assigned a Critical severity rating with a CVSS v3.1 base score of 9.1 (NVD).

The vulnerability is classified as CWE-77 (Improper Neutralization of Special Elements used in a Command Injection) by Microsoft. It received a CVSS v3.1 base score of 9.1 (Critical) with the vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H, indicating network attack vector, low attack complexity, high privileges required, no user interaction needed, changed scope, and high impact on confidentiality, integrity, and availability (NVD).

The vulnerability can potentially lead to elevation of privilege in Azure CLI environments. The CVSS metrics indicate that successful exploitation could result in high impacts on system confidentiality, integrity, and availability, with the potential for scope change beyond the vulnerable component (NVD).

Microsoft has addressed this vulnerability in Azure CLI and Azure Service Connector version 2.65.0. Users are advised to upgrade to this version or later to mitigate the vulnerability (NVD).