Описание
Azure Network Watcher VM Agent Elevation of Privilege Vulnerability
FAQ
Is there any action I need to take to be protected from this vulnerability?
If you have enabled automatic updates, you will automatically receive the update as soon as it is available. If you have not enabled automatic updates, you will need to update the product manually.
Please see Update Network Watcher extension to the latest version - Azure Virtual Machines | Microsoft Learn for more information.
What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could create, modify, or delete files in the security context of the NT AUTHORITY\SYSTEM account.
According to the CVSS metrics, successful exploitation of this vulnerability does not impact confidentiality (C:N), but has major impact on integrity (I:H) and availability (A:H). What does that mean for this vulnerability?
Exploitation of this vulnerability does not disclose any confidential information but allows an attacker to modify or delete files containing data which could cause the service to become unavailable.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Azure Network Watcher VM Extension for Windows |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
7.1 High
CVSS3
Связанные уязвимости
Azure Network Watcher VM Agent Elevation of Privilege Vulnerability
Azure Network Watcher VM Agent Elevation of Privilege Vulnerability
EPSS
7.1 High
CVSS3