Description
Azure Migrate Remote Code Execution Vulnerability
FAQ
According to the CVSS metric, the attack vector is Adjacent (AV:A), the attack complexity is high (AC:H) and the privileges required is high (PR:H). What does this mean for this vulnerability?
An authenticated attacker would need to have access to a proxy server created in the same or in an accessible network of the Appliance.
What actions do customers need to take to protect themselves from this vulnerability?
The vulnerability has been mitigated by the latest change to the Azure Migrate Appliance's AutoUpdater which ensures MSI installers downloaded from the Download Center have been authentically signed by Microsoft prior to installation. See here for information on how to ensure your Azure Migrate Appliance can get the latest Azure Migrate Agent and ConfigManager updates.
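The check described in the answer above (installers must carry an authentic Microsoft signature before they are installed) can be illustrated as follows. This is an added example, not the Azure Migrate AutoUpdater's code. The function name Test-MicrosoftSignedInstaller, the installer path, and the choice to identify the publisher by the organization field of the signer certificate are assumptions made for the illustration.

```powershell
# Added illustration; not code from the Azure Migrate Appliance.
# Test-MicrosoftSignedInstaller is a hypothetical helper name.
function Test-MicrosoftSignedInstaller {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        Write-Warning "Rejected: installer not found at '$Path'"
        return $false
    }

    # Authenticode check: the file hash must match the embedded signature
    # and the certificate chain must build to a trusted root.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($sig.Status -ne [System.Management.Automation.SignatureStatus]::Valid) {
        Write-Warning "Rejected ($($sig.Status)): $($sig.StatusMessage)"
        return $false
    }

    # Assumption: the publisher is identified by the O= field of the signer
    # subject. A valid signature alone only proves that *someone* trusted
    # signed the file, so the signer identity has to be checked as well.
    $subject = $sig.SignerCertificate.Subject
    if ($subject -notmatch '(^|,\s*)O=Microsoft Corporation(,|$)') {
        Write-Warning "Rejected: unexpected signer '$subject'"
        return $false
    }

    return $true
}

# Constructed placeholder path; replace with the downloaded installer.
$msi = 'C:\Temp\example-agent.msi'

if (Test-MicrosoftSignedInstaller -Path $msi) {
    # Install only after the signature and signer checks have passed.
    Start-Process -FilePath msiexec.exe -ArgumentList '/i', "`"$msi`"", '/qn' -Wait
} else {
    Write-Error "Refusing to install $msi"
}
```

The verification and the installation must operate on the same file in a location other users cannot write to, otherwise the file could be swapped between the check and the msiexec call.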
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
CVSS3: 6.4 Medium
Related vulnerabilities
Azure Migrate Remote Code Execution Vulnerability
A vulnerability in Azure Migrate, the service for migrating data from on-premises environments, related to improper authorization, allowing an attacker to execute arbitrary code
EPSS
CVSS3: 6.4 Medium