Protect your Azure IP Address Management Data – Vulnerability Found in Azure IPAM Tool

CVECVE-2024-21638
CVSScvssV3_1: 9.1
SourceCVE-2024-21638

Azure IPAM is a tool used by Azure customers to easily manage their IP address space within Azure. Researchers recently discovered a vulnerability in older versions of Azure IPAM that could allow attackers to access sensitive data.

The vulnerability was due to a lack of validation of authentication tokens passed to the IPAM service. An attacker could potentially impersonate privileged Azure users and access IP address data stored within an organization’s IPAM instance. This could lead to sensitive information being viewed or modified without authorization.

Attackers exploited this by generating fake authentication tokens for high-level Azure accounts, like those with read/write access to the entire management group. They would then pass these tokens to the IPAM service to gain elevated access.

If you use Azure IPAM to manage your IP addresses, be sure to update to the latest version (3.0.0 or higher) as soon as possible. This fixes the validation issue and prevents unauthorized access to your IPAM data. You should also closely monitor your Azure activity for any suspicious or unauthorized access attempts during the period the vulnerability was present.

Staying on top of software updates is key to protecting your cloud infrastructure and sensitive data from exploitation. Be vigilant and always verify the source of update notifications before taking action.

References