Description
Microsoft Configuration Manager Remote Code Execution Vulnerability
FAQ
How could an attacker exploit this vulnerability?
An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment, which are processed in an unsafe manner, enabling the attacker to execute commands on the server and/or underlying database.
What actions do customers need to take to protect themselves from this vulnerability?
Customers using a version of Configuration Manager specified in the Security Updates table of this CVE need to install an in-console update to be protected. Guidance for how to install Configuration Manager in-console updates is available here: Install in-console updates for Configuration Manager.
Updates
| Product | Article | Update |
|---|---|---|
| Microsoft Configuration Manager 2403 | | |
| Microsoft Configuration Manager 2303 | | |
| Microsoft Configuration Manager 2309 | | |
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
EPSS
CVSS3: 9.8 Critical
Related vulnerabilities
Microsoft Configuration Manager Remote Code Execution Vulnerability
Microsoft Configuration Manager Remote Code Execution Vulnerability
A vulnerability in the Microsoft Configuration Manager IT infrastructure management software, related to a failure to protect the structure of an SQL query, allowing an attacker to execute arbitrary code
EPSS
CVSS3: 9.8 Critical