CVE-2024-21400 is a privilege escalation vulnerability that rates a CVSS score of 9.0.
The bug in Microsoft’s Azure Kubernetes Service Confidential Container could allow an unauthenticated attacker to steal credentials to take over “confidential guests and containers beyond the network stack it might be bound to”.
While specific threat actors exploiting CVE-2024-21400 remain unidentified, groups like APT28 have history in NTLM relay attacks.
NTLM relay attacks involve coercing a network device, such as servers or domain controllers, to authenticate with an NTLM relay server controlled by the attacker. This manipulation allows the attacker to impersonate the authenticated device, thereby gaining elevated privileges.
For education purposes only. Copies are limited.