Impact
Improper access control in Azure Arc enables an unauthorized attacker to elevate privileges over a network, allowing them to perform actions that require higher permissions within Azure Arc.
Affected Systems
Microsoft Azure Arc is affected. No specific version information is available in the provided data.
Risk and Exploitability
The CVSS score of 8.6 indicates a high severity vulnerability. With an EPSS score of 2%, the likelihood of exploitation remains low, and the vulnerability is not listed in CISA KEV catalog. The attack vector is inferred to be network-based, as the description states the attacker must be able to reach Azure Arc over a network to exploit improper access controls.
OpenCVE Enrichment