Description
Azure Network Watcher VM Agent Elevation of Privilege Vulnerability
FAQ
What is Network Watcher?
Azure Network Watcher provides tools to monitor, diagnose, view metrics, and enable or disable logs for resources in an Azure virtual network. Network Watcher is designed to monitor and repair the network health of IaaS (Infrastructure-as-a-Service) products including Virtual Machines (VM), Virtual Networks, Application Gateways, Load balancers, etc. For more details, please refer to "What is Azure Network Watcher?".
What privileges would an attacker gain by successfully exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could route Packet Captures to a location in their control and perform file deletions that would limit the victim's troubleshooting and diagnostic capabilities.
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
An attacker must have access to the target virtual machine as an RBAC user with Reader role permissions or above.
According to the CVSS metric, the attack vector is local (AV:L). What does this mean for this vulnerability?
To successfully exploit this vulnerability, an attacker would need access to the virtual machine to be able to interfere with the Network Watcher Agent installation process.
Is there any action Azure customers need to take?
Azure customers who have enabled auto updates are mitigated automatically by the update deployed across Azure and do not need to take any action. Customers without auto updates enabled must re-install the NetworkWatcher Extension on their virtual machines to mitigate the risks of this vulnerability. These customers will receive additional messaging through the Azure Portal via Azure Service Health with further guidance.
Updates
| Product | Article | Update |
|---|---|---|
| Azure Network Watcher VM Extension | | |
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
CVSS3: 7.8 High