Description
Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability
Mitigations
Azure Guest Configuration and Azure Arc are only affected by this vulnerability if they are running on Linux platforms as follows:
| Product | Platform |
|---|---|
| Azure Arc-enabled servers | Linux |
| Azure Guest Configuration | Guest Configuration Linux Extension |
FAQ
What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited the vulnerability could replace Microsoft-shipped code with their own code, which would then be run as root in the context of a Guest Configuration daemon. On an Azure VM with the Guest Configuration Linux Extension installed, this would run in the context of the GC Policy Agent daemon. On an Azure Arc-enabled server, it could run in the context of the GC Arc Service or Extension Service daemons.
Updates
| Product | Article | Update |
|---|---|---|
| Azure ARC | | |
| Azure Guest Configuration | | |
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
7.8 High
CVSS3
Related vulnerabilities
Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability
Azure Guest Configuration and Azure Arc-enabled servers Elevation of Privilege Vulnerability.
A vulnerability in the Azure Guest Configuration component of the Azure Policy service (which creates, assigns and manages policy definitions) and in the Azure Arc management platform, related to access control flaws, that allows an attacker to elevate their privileges