Описание
Microsoft Defender for IoT Elevation of Privilege Vulnerability
FAQ
What is the action required to take the update?
You need to update to the latest Microsoft Defender for IoT software version. See the Update the software version section of Manage the on-premises management console.
What is Microsoft Defender for IoT?
Microsoft Defender for IoT is a unified security solution for identifying IoT/OT devices, vulnerabilities, and threats. It enables you to secure your entire IoT/OT environment, whether you need to protect existing IoT/OT devices or build security into new IoT innovations. See Microsoft Defender for IoT for more information.
According to the CVSS metric, the attack vector is local (AV:L). What does that mean for this vulnerability?
An attacker must be an authenticated user logged in on the targeted Defender for IOT Management Console in order to exploit this vulnerability.
What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could gain administrator privileges.
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
An attacker must authenticate and be assigned the role of a Security Analyst or Administrator to exploit this vulnerability.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Defender for IoT |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
7.8 High
CVSS3
Связанные уязвимости
Microsoft Defender for IoT Elevation of Privilege Vulnerability
Microsoft Defender for IoT Elevation of Privilege Vulnerability
Уязвимость комплекса средств по обнаружению угроз для сред Интернета вещей Microsoft Defender for IoT, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии
EPSS
7.8 High
CVSS3