CVE-2024-49035

Published Nov 26, 2024

Last updated a month ago

Exploit knownCVSS high 8.7

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2024-49035 is an improper access control vulnerability found in Microsoft Partner Center (partner.microsoft.com). This flaw allows unauthenticated attackers to gain elevated privileges over a network. The vulnerability was disclosed by Microsoft in November 2024. Microsoft credited Gautam Peri, Apoorv Wadhwa, and an anonymous researcher for reporting the vulnerability. The Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities Catalog, indicating it has been observed being actively exploited in the wild.

Description
An improper access control vulnerability in Partner.Microsoft.com allows an a unauthenticated attacker to elevate privileges over a network.
Source
secure@microsoft.com
NVD status
Analyzed
CNA Tags
exclusively-hosted-service

Risk scores

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
Microsoft Partner Center Improper Access Control Vulnerability
Exploit added on
Feb 25, 2025
Exploit action due
Mar 18, 2025
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

secure@microsoft.com
CWE-269
nvd@nist.gov
NVD-CWE-Other

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: (https://t.co/fsiCPwS00I…)

    @nathy_hackers

    1 Apr 2025

    4 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: (https://t.co/Uld9sf1RzZ…)

    @John08987

    31 Mar 2025

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: (https://t.co/eL6mIN6wAi…)

    @digital_hack6

    27 Mar 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: (https://t.co/UFdvAPacWg…)

    @recoverythreata

    27 Mar 2025

    30 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: (https://t.co/28uWAZuGes…)

    @EthicalHack21

    23 Mar 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: (https://t.co/zzUxb93uRV…)

    @Cyber_Recover12

    22 Mar 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: (https://t.co/zzUxb93uRV…)

    @Cyber_Recover12

    21 Mar 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: (https://t.co/NIu1skgdgd…)

    @JOE_HACKER1

    20 Mar 2025

    65 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  9. CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: (https://t.co/aTTn63279U…)

    @Mr_James_Cyber

    20 Mar 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: (https://t.co/aTTn63279U…)

    @Mr_James_Cyber

    20 Mar 2025

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  11. CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: (https://t.co/5EhdO34zav…)

    @Recoverytheate

    20 Mar 2025

    59 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: (https://t.co/NIu1skgdgd…)

    @JOE_HACKER1

    20 Mar 2025

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: (https://t.co/fU7P8x4DGz…)

    @Herbert_Termux

    19 Mar 2025

    98 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: (https://t.co/EWaMDc2cR9…)

    @help_center11

    11 Mar 2025

    53 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: (https://t.co/JVRhmHVpR1…)

    @savana_recovery

    10 Mar 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. Actively exploited CVE : CVE-2024-49035

    @transilienceai

    10 Mar 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  17. Actively exploited CVE : CVE-2024-49035

    @transilienceai

    10 Mar 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  18. Actively exploited CVE : CVE-2024-49035, CVE-2023-34192

    @transilienceai

    9 Mar 2025

    73 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  19. Actively exploited CVE : CVE-2024-49035

    @transilienceai

    9 Mar 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  20. Actively exploited CVE : CVE-2024-49035

    @transilienceai

    8 Mar 2025

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  21. Actively exploited CVE : CVE-2024-49035

    @transilienceai

    7 Mar 2025

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  22. Actively exploited CVE : CVE-2024-49035

    @transilienceai

    7 Mar 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  23. Actively exploited CVE : CVE-2024-49035

    @transilienceai

    5 Mar 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  24. Actively exploited CVE : CVE-2024-49035

    @transilienceai

    4 Mar 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  25. Actively exploited CVE : CVE-2024-49035

    @transilienceai

    3 Mar 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  26. Actively exploited CVE : CVE-2024-49035

    @transilienceai

    2 Mar 2025

    13 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  27. Actively exploited CVE : CVE-2024-49035

    @transilienceai

    1 Mar 2025

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  28. Actively exploited CVE : CVE-2024-49035, CVE-2023-34192

    @transilienceai

    28 Feb 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  29. Actively exploited CVE : CVE-2024-49035

    @transilienceai

    28 Feb 2025

    6 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  30. Actively exploited CVE : CVE-2024-49035, CVE-2023-34192

    @transilienceai

    28 Feb 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  31. CISA (U.S. Cybersecurity Agency) has warned that two dangerous vulnerabilities are being actively used in attacks: 1. Microsoft Partner Center flaw (CVE-2024-49035) 2. Synacor Zimbra Collaboration Suite flaw (CVE-2023-34192) 📖 Full details here: (https://t.co/6jycjWiyri…)

    @AdrianT_ech

    27 Feb 2025

    45 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  32. Actively exploited CVE : CVE-2024-49035

    @transilienceai

    27 Feb 2025

    12 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  33. 🚨 Security Alert: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Microsoft's Partner Center (CVE-2024-49035) to its Known Exploited Vulnerabilities Catalog, citing active exploitation.

    @allnewsjack

    27 Feb 2025

    97 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    1 Reply

    0 Quotes

  34. Latest Known Exploited Vulnerabilities (#KEV) : #CVE-2024-49035 #Microsoft Partner Center Improper Access Control Vulnerability https://t.co/7gRaVEBjse

    @ScyScan

    26 Feb 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  35. ⚠️ Vulnerability Alert: Microsoft Partner Center Privilege Escalation Vulnerability 📅 Timeline: Disclosed: 2024-11-01, Patched: November 2024 📌 Attribution: CISA confirmed active exploitation 🆔 CVE ID: CVE-2024-49035 📊 Base Score: 9.8 📏 CVSS Metrics:… https://t.co/

    @syedaquib77

    26 Feb 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  36. Actively exploited CVE : CVE-2024-49035

    @transilienceai

    26 Feb 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  37. csirt_it: ‼️ #Microsoft: rilevato lo sfruttamento attivo in rete della vulnerabilità CVE-2024-49035 – già sanata dal vendor – relativa al prodotto #MicrosoftPartnerCenter Rischio: 🟠 Tipologia: 🔸 Elevation of Privilege 🔗 https://t.co/pl4YPcJh9B 🔄 … https://t.co/O9etfvly4q

    @Vulcanux_

    26 Feb 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  38. 🚨CVE Alert: Microsoft Partner Center Improper Access Control Vulnerability Exploited In The Wild🚨 Vulnerability Details: CVE-2024-49035 (8.7/10) Microsoft Partner Center Improper Access Control Vulnerability Impact A Successful exploit may allow an a unauthenticated attacker

    @CyberxtronTech

    26 Feb 2025

    57 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  39. 🔐 CISA has just added two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog—both actively exploited. Hook: Microsoft Partner Center’s CVE-2024-49035 and Synacor ZCS’s CVE-2023-34192 are putting organizations at risk. Read the full article:… https://

    @TheHackersNews

    26 Feb 2025

    34078 Impressions

    31 Retweets

    89 Likes

    11 Bookmarks

    1 Reply

    0 Quotes

  40. Actively exploited CVE : CVE-2024-49035

    @transilienceai

    26 Feb 2025

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    1 Reply

    0 Quotes

  41. Microsoft patches 4 critical security flaws, including one exploited in the wild (CVE-2024-49035). Fixes for Power Apps, Copilot Studio, Azure, & Dynamics 365 are available. Update your apps! #Cyber https://t.co/UlmlJ9X7ts

    @TLDRStories

    3 Dec 2024

    41 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  42. Here are some notable updates in information security: Vulnerabilities and Patches - Microsoft addressed critical security flaws in its AI, cloud, and ERP offerings, with one flaw (CVE-2024-49035) already being exploited in the wild. - Palo Alto Networks patched… https://t.

    @johnmstark

    1 Dec 2024

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  43. Alerte ! Microsoft corrige les failles de sécurité dans l'IA, le Cloud et l'ERP, dont une exploitée activement. La vulnérabilité CVE-2024-49035 est évaluée à 8.7 CVSS. Analyse pour les Analystes Sécurité #Cybersecurite #ExploitZeroDay 👉 https://t.co/KTKvSrZsV4

    @CyberAlertFr

    30 Nov 2024

    3 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  44. 🚨 Microsoft just addressed critical security flaws impacting its AI, cloud, and ERP offerings, with one flaw (CVE-2024-49035) already exploited in the wild. Get the full details — https://t.co/7GgYxWYC7R

    @ExposinKingfish

    29 Nov 2024

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  45. The vulnerability that has been tagged with an "Exploitation Detected" assessment is CVE-2024-49035 (CVSS score: 8.7), a privilege escalation flaw in partner[.]microsoft[.]com. https://t.co/BFCQ0CXjuD

    @jbhall56

    29 Nov 2024

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  46. Microsoft fixed four security flaws impacting its artificial intelligence (AI), cloud, enterprise resource planning, and Partner Center, including one that has been exploited in the wild, CVE-2024-49035 (CVSS score: 8.7), a privilege escalation flaw. https://t.co/90MReKOtwM https

    @riskigy

    29 Nov 2024

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  47. Phishing-as-a-Service e vulnerabilità nei servizi Microsoft Sicurezza Informatica, CVE-2024-49035, FUD, Microsoft, Phishing-as-a-Service, QR phishing, Rockstar 2FA, sicurezza cloud, vulnerabilità https://t.co/PR2PLTu71O https://t.co/z9eOBy900f

    @matricedigitale

    29 Nov 2024

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  48. 🚨 Microsoft just addressed critical security flaws impacting its AI, cloud, and ERP offerings, with one flaw (CVE-2024-49035) already exploited in the wild. Get the full details — https://t.co/ieHHnTJkAb #cybersecurity #infosec

    @TheHackersNews

    29 Nov 2024

    10007 Impressions

    38 Retweets

    62 Likes

    8 Bookmarks

    1 Reply

    0 Quotes

  49. 🧐 Exploited: Yes Exploitability assessment:Exploitation Detected CVE-2024-49035 - Security Update Guide - Microsoft - Partner .Microsoft .Com Elevation of Privilege Vulnerability https://t.co/dZj7l2WlmU

    @autumn_good_35

    28 Nov 2024

    106 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  50. We have just added an important vulnerability affecting Microsoft Partner Center (CVE-2024-49035) https://t.co/CZ7zweRJYI

    @vuldb

    27 Nov 2024

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References