
CVE-2021-27075

Published: 09 Mar 2021
Source: msrc
CVSS3: 6.8
EPSS: Low

Description

Azure Virtual Machine Information Disclosure Vulnerability

FAQ

What type of information could be disclosed by this vulnerability?

Exploiting this vulnerability could allow a low privileged user to gain virtual machine credentials as well as credentials to extensions associated with the virtual machine.

What are some of the services affected by this vulnerability?

The following table lists some of the affected services, and the changes associated with the remedy for this vulnerability:

| Affected Product | Remedy | Action on customers |
| --- | --- | --- |
| Azure Container Instance | The ability for containers to talk to the metadata and wireserver endpoints was disabled as part of this release. The underlying platform now applies network ACLs to block the outgoing traffic to those services. | None |
| Azure Service Fabric | The ability to block containers' access to the metadata and wireserver endpoints has been made available in the calendar year 2022. The underlying platform allows applying network ACLs to block the outgoing traffic to those services. | Customers can disable access by setting the BlockAccessToWireServer feature flag to "True" in their Service Fabric cluster definition. |
| Azure Kubernetes Service | Containers not running in host network can no longer access wireserver since node image 2020.10.15. | Customers running an image version below 2020.10.15 should update to this version or a later version. See the Security Updates table for the link to updating instructions. |
| Azure Container Registry | The ability for containers running on ACR Tasks to access wireserver was blocked as a part of this release. | None |
| Azure Spring Cloud | The ability for containers to talk to the wireserver endpoints was disabled as part of this release. | None |

Updates

| Product | Article | Update |
| --- | --- | --- |
| Azure Kubernetes Service | | |

Exploitability

Publicly Disclosed: No
Exploited: No
Latest Software Release: Exploitation Less Likely
Older Software Release: Exploitation Less Likely
DOS: N/A

EPSS: 0.00478 (percentile: 64%), Low

CVSS3: 6.8 Medium

Related vulnerabilities

CVSS3: 6.8
nvd
almost 5 years ago

Azure Virtual Machine Information Disclosure Vulnerability

CVSS3: 6.8
github
more than 3 years ago

Azure Virtual Machine Information Disclosure Vulnerability

CVSS3: 6.8
fstec
almost 5 years ago

Vulnerability in the Azure Container Instance, Azure Service Fabric, Azure Kubernetes Service, Azure Container Registry and Azure Spring Cloud software products, related to the lack of protection of service data, allowing an attacker to gain unauthorized access to protected information
