Описание
Azure Site Recovery Elevation of Privilege Vulnerability
FAQ
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
No special privileges are required to exploit this vulnerability. An attacker needs to have network connectivity to the replication appliance.
What is Azure Site Recovery?
Azure Site Recovery helps ensure business continuity by keeping business apps and workloads running during outages. It is a service but also has a few on-premise components. Please visit this link for more details: About Azure Site Recovery - Azure Site Recovery
To what scenario does this vulnerability apply?
This vulnerability applies to a VMWare-to-Azure scenario. Please visit this link for more details: VMware VM disaster recovery architecture in Azure Site Recovery - Classic - Azure Site Recovery.
What can I do to protect myself from this vulnerability?
You can follow the steps here (Update rollup 60 for Azure Site Recovery -K5011122) to update to version 9.47.
What could an attacker do with the exposed credentials?
An attacker could call Azure Site Recovery APIs provided by the Configuration Server and in turn get access to configuration data including credentials for the protected systems. Using the APIs, the attacker could also modify or delete configuration data which in turn will impact Site Recovery operation.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Azure Site Recovery VMWare to Azure |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
8.1 High
CVSS3
Связанные уязвимости
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24506, CVE-2022-24515, CVE-2022-24518, CVE-2022-24519.
Уязвимость средства аварийного восстановления Azure Site Recovery, связанная с недостаточной защитой регистрационных данных, позволяющая нарушителю повысить свои привилегии
EPSS
8.1 High
CVSS3