Описание
Azure Connected Machine Agent Elevation of Privilege Vulnerability
Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
FAQ
What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
According to the CVSS metric, the attack vector is local (AV:L). What does that mean for this vulnerability?
An attacker could trigger this vulnerability remotely by having valid permissions on the Azure Resource Manager (ARM) API to access the Azure Relay. In the worst case scenario, an attacker could locally trigger this vulnerability by running code as a lower-privileged user on the same computer that Azure Arc is running on (AV:L). When multiple attack vectors can be used, we assign a score based on the scenario with the higher risk.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Azure Connected Machine Agent |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
7.8 High
CVSS3
Связанные уязвимости
Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally.
Уязвимость программного средства управления серверами и виртуальными машинами Azure Connected Machine Agent, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю повысить свои привилегии
EPSS
7.8 High
CVSS3