Описание
Microsoft Azure File Sync Elevation of Privilege Vulnerability
FAQ
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.
What privileges could be gained by an attacker who successfully exploited the vulnerability?
Exploiting this vulnerability would allow the attacker to perform arbitrary deletion of files that are not accessible to unprivileged users on the victim machine.
According to the CVSS metric, user interaction is Required (UI:R). What does that mean for this vulnerability?
The successful exploitation of this vulnerability requires a user with administrator privileges to perform specific operations on the endpoint targeted by the attacker.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Azure File Sync v17.0 | ||
| Azure File Sync v16.0 | ||
| Azure File Sync v18 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
4.4 Medium
CVSS3
Связанные уязвимости
Microsoft Azure File Sync Elevation of Privilege Vulnerability
Microsoft Azure File Sync Elevation of Privilege Vulnerability
Уязвимость службы синхронизации данных Microsoft Azure File Sync, связанная с неверным определением символических ссылок перед доступом к файлу, позволяющая нарушителю обойти существующие ограничения безопасности и повысить свои привилегии
EPSS
4.4 Medium
CVSS3