The host is installed with Azure Connected Machine agent before 1.37 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to handle unspecified vectors. Successful exploitation allows attackers to add symlinks and cause an arbitrary file delete as SYSTEM.