Описание
Microsoft Intune Linux Agent Elevation of Privilege Vulnerability
FAQ
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Exploitation of the vulnerability requires a user to modify a custom compliance script on the device after it is written to temporary storage and before execution of the script finishes.
According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H) and integrity (I:H) but not availability (A:N). What does that mean for this vulnerability?
This vulnerability could allow an attacker to view potentially restricted information inside of a custom compliance script and tamper with the results of the scripts, but does not allow the attacker to make any other parts of the Intune service unavailable
What privileges could an attacker gain by successful exploiting this vulnerability?
An attacker who successfully exploited this vulnerability could alter the results of a custom compliance script, bypassing compliance checks enforced by these scripts.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Intune Company Portal for Android |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
6.6 Medium
CVSS3
Связанные уязвимости
Microsoft Intune Linux Agent Elevation of Privilege Vulnerability
Microsoft Intune Linux Agent Elevation of Privilege Vulnerability
Уязвимость агента Microsoft Intune Linux средства управления доступом к корпоративным приложениям, данным и ресурсам Microsoft Intune Company Portal for Android, позволяющая нарушителю повысить свои привилегии
EPSS
6.6 Medium
CVSS3