Описание
Azure Monitor Agent Remote Code Execution Vulnerability
Heap-based buffer overflow in Azure Monitor Agent allows an unauthorized attacker to execute code locally.
FAQ
How can I tell if this issue affects me, and what steps should I take to stay protected?
If you have Azure Monitor Agent extension version 1.37.0 or below you are affected. To protect your device, please upgrade to version 1.37.1 and above.
According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L), have some effect on integrity (I:L), but a major effect on availability (A:H). What does that mean for this vulnerability?
This means for the vulnerability, while data exposure and tampering are possible, the most significant impact is on system availability—exploitation could crash processes or exhaust memory, disrupting log collection and monitoring services.
According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability.
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
7.3 High
CVSS3
Связанные уязвимости
Heap-based buffer overflow in Azure Monitor Agent allows an unauthorized attacker to execute code locally.
Heap-based buffer overflow in Azure Monitor Agent allows an unauthorized attacker to execute code locally.
Уязвимость службы мониторинга Azure Monitor, связанная с переполнением буфера в динамической памяти, позволяющая нарушителю выполнить произвольный код
EPSS
7.3 High
CVSS3