CVE-2023-21703

Опубликовано: 14 фев. 2023

Источник: msrc

CVSS3: 6.5

EPSS Низкий

Описание

Azure Data Box Gateway Remote Code Execution Vulnerability

FAQ

According to the CVSS metric, privileges required is high (PR:H). What privileges are needed by the attacker and how are they used in the context of the remote code execution?

To successfully exploit this vulnerability, the attacker must have EdgeUser access.

The EdgeUser is the core user used to perform management operations on the DBG device. They can perform actions like modifying network settings, configuring web proxy, configure cloud connectivity, shutdown/restart the appliance and trigger DBG updates via side-load mechanism and even factory reset the appliance (factory reset is an operation which wipes existing data and brings the appliance to a factory default state).

Обновления

Продукт	Статья	Обновление
Azure Stack Edge	Release Notes Release Notes	Update Guidance Download Guidance
Azure Data Box Gateway	Release Notes	Security Update

Показывать по

Возможность эксплуатации

Publicly Disclosed

Exploited

Latest Software Release

Exploitation Less Likely

DOS

N/A

EPSS

Процентиль: 51%

0.00281

Низкий

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2023-21703

CVSS3: 6.5

nvd

почти 3 года назад

Azure Data Box Gateway Remote Code Execution Vulnerability

GHSA-fmvx-j333-m58x

CVSS3: 6.5

github

почти 3 года назад

Azure Data Box Gateway Remote Code Execution Vulnerability

BDU:2023-00826

CVSS3: 6.5

fstec

почти 3 года назад

Уязвимость шлюза Azure Data Box Gateway, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 51%

0.00281

Низкий

6.5 Medium

CVSS3