Описание
Azure Local Remote Code Execution Vulnerability
Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network.
FAQ
How could an attacker exploit this vulnerability?
An attacker could exploit this vulnerability by intercepting the unsecured communication between the configurator app and target machines, modifying the responses, and using that to trigger command injection that runs arbitrary code with admin privileges on the system. They could then extract the Azure token from the app’s logs and use it to move laterally into the cloud environment.
According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
A high attack complexity means the attacker must be able to perform a precise machine‑in‑the‑middle modification of Kerberos traffic, which requires specific network positioning and conditions to succeed.
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
EPSS
8.1 High
CVSS3
Связанные уязвимости
Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network.
Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network.
Уязвимость программного средства локальной инфраструктуры Azure Local, связанная с ошибками процедуры подтверждения подлинности сертификата, позволяющая нарушителю выполнить произвольный код
EPSS
8.1 High
CVSS3