Описание
Azure Connected Machine Agent Elevation of Privilege Vulnerability
FAQ
According to the CVSS metric, user interaction is required (UI:R) and privileges required is Low (PR:L). What does that mean for this vulnerability?
A non-admin local user who has sufficient permissions to create symbolic links on a Windows computer that has Azure Connected Machine Agent installed (or before the agent is installed) could create links from a directory used by the agent to other privileged files on the computer. If the administrator later installs virtual machine extensions on the machine, those files could be deleted.
What privileges could an attacker gain with successful exploitation?
An attacker who successfully exploited the vulnerability could add symlinks and cause an arbitrary file delete as SYSTEM.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Azure Connected Machine Agent |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
7.3 High
CVSS3
Связанные уязвимости
Azure Connected Machine Agent Elevation of Privilege Vulnerability
Azure Connected Machine Agent Elevation of Privilege Vulnerability
Уязвимость программного средства управления серверами и виртуальными машинами Azure Connected Machine Agent, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии
EPSS
7.3 High
CVSS3