Описание
Azure CycleCloud Remote Code Execution Vulnerability
FAQ
How could an attacker exploit this vulnerability?
An authenticated attacker with permissions to execute commands on the Azure CycleCloud instance could send a specially crafted request that returns the storage account credentials and runtime data. The attacker can then use the comprised credentials to access the underlying storage resources and upload malicious scripts which will be executed as Root, enabling remote code execution to be performed on any cluster in the CycleCloud instance.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Azure CycleCloud 8.2.0 | ||
| Azure CycleCloud 8.0.0 | ||
| Azure CycleCloud 8.6.0 | ||
| Azure CycleCloud 8.0.1 | ||
| Azure CycleCloud 8.0.2 | ||
| Azure CycleCloud 8.1.0 | ||
| Azure CycleCloud 8.1.1 | ||
| Azure CycleCloud 8.2.2 | ||
| Azure CycleCloud 8.2.1 | ||
| Azure CycleCloud 8.3.0 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
7.8 High
CVSS3
Связанные уязвимости
Azure CycleCloud Remote Code Execution Vulnerability
Уязвимость инструмента для организации и управления средами высокопроизводительных вычислений (HPC) Azure CycleCloud, связанная с недостатками контроля доступа, позволяющая нарушителю повысить свои привилегии
EPSS
7.8 High
CVSS3