Description
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability
FAQ
How could an attacker exploit this vulnerability?
An attacker with local access to a machine with Azure Site Recovery (ASR) can execute code that allows escalating privileges to IUSR (or Anonymous User Identity) and could discover the MySQL root password, which could result in the discovery of other stored encrypted credentials.
Why is this CVE rated as Moderate severity?
The attacker can only elevate their privileges to Root on the specific system or database which they are targeting. System privileges cannot be gained, and information relating to other systems or databases cannot be obtained after elevating their privileges.
According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
CVSS3: 9.3 Critical
Related vulnerabilities
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability
A vulnerability in the Azure Site Recovery disaster recovery tool, related to access control flaws, that allows an attacker to bypass existing security restrictions and elevate their privileges
EPSS
CVSS3: 9.3 Critical