Описание
Azure Arc-Enabled Servers Elevation of Privilege Vulnerability
FAQ
What can an attacker do with this vulnerability?
An elevation of privilege vulnerability exists in the Azure Connected Machine Agent used with the Azure Arc-Enabled Servers service. This impacts both Linux and Windows servers. A low privilege user on the machine where the agent is installed can chain two vulnerabilities in HIMDS to get root/admin access on the server.
What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could gain administrator privileges.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to exploit two separate vulnerabilities to gain elevated privileges.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Azure Arc-Enabled Servers |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
7 High
CVSS3
Связанные уязвимости
Azure Arc-Enabled Servers Elevation of Privilege Vulnerability
Azure Arc-Enabled Servers Elevation of Privilege Vulnerability
EPSS
7 High
CVSS3