Описание
Azure Storage Mover Remote Code Execution Vulnerability
FAQ
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
In this situation a successful exploit could let attacker gain access to the network where the agent is installed which could lead to accessing to other assets in that network.
How could an attacker exploit this vulnerability?
An attacker who has performed the exploit successfully would be able to gain access to the installed agent and could perform remote code execution.
According to the CVSS metric, the attack complexity is high (AC:H) and the privileges required is high (PR:H). What does this mean for this vulnerability?
For a successful exploitation, the attacker would need some key information like ARMID and UUID of the installed agent as pre-requisite.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Azure Storage Mover Agent |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
8 High
CVSS3
Связанные уязвимости
Azure Storage Mover Remote Code Execution Vulnerability
Уязвимость службы хранилища Azure Storage Mover, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код
EPSS
8 High
CVSS3