Описание
Configuration Manager Elevation of Privilege Vulnerability
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges locally.
FAQ
What privileges could be gained by an attacker who successfully exploited the vulnerability?
An authorized attacker who successfully exploited this vulnerability could gain configuration manager administrator privileges.
How could an attacker exploit this vulnerability?
An attacker could exploit this vulnerability by injecting malicious SQL into the DuplicateAMTMachineRecord method.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft Configuration Manager 2403 | ||
| Microsoft Configuration Manager 2503 | ||
| Microsoft Configuration Manager 2409 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
8.4 High
CVSS3
Связанные уязвимости
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges locally.
Improper neutralization of special elements used in an sql command ('sql injection') in Microsoft Configuration Manager allows an unauthorized attacker to elevate privileges locally.
Уязвимость программного обеспечения управления ИТ-инфраструктурой Microsoft Configuration Manager, связанная с непринятием мер по защите структуры запроса SQL, позволяющая нарушителю повысить свои привилегии
EPSS
8.4 High
CVSS3