Description
Azure Stack HCI Elevation of Privilege Vulnerability
FAQ
What actions should I take to be protected from this vulnerability?
Customers must perform the following to mitigate this vulnerability:
- Update Azure Stack HCI resources to version 2411. Instructions on how to update can be found here.
- Rotate the administrator and user account passwords for all Azure Arc VMs deployed prior to updating the Azure Stack HCI instance to version 2411. Instructions on how to update these passwords can be found here.
The CVSS score for this vulnerability rates Scope as Changed (S:C). What does this mean?
The vulnerability is found within a component of the Azure Stack HCI cluster, but exploitation impacts Azure Arc VMs.
The CVSS score for this vulnerability rates Attack Vector as Local (AV:L). What does this mean?
Successful exploitation of this vulnerability requires an authenticated attacker to access the target Azure Stack HCI cluster, which could be performed through a remote desktop session or SSH.
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
EPSS
8.8 High
CVSS3
Related vulnerabilities
Azure Stack HCI Elevation of Privilege Vulnerability
A vulnerability in Microsoft Azure Stack hyperconverged infrastructure (HCI) involving the use of hard-coded credentials, which allows an attacker to elevate their privileges
EPSS
8.8 High
CVSS3