Multiple vulnerabilities in Microsoft Azure

Description

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges.

Below is a complete list of vulnerabilities:

1. A remote code execution vulnerability in Azure Identity SDK can be exploited remotely to execute arbitrary code.
2. A remote code execution vulnerability in Azure RTOS GUIX Studio can be exploited remotely to execute arbitrary code.
3. An elevation of privilege vulnerability in Azure HDInsight Apache Oozie Workflow Scheduler can be exploited remotely to gain privileges.
4. An elevation of privilege vulnerability in Azure DevOps Server can be exploited remotely to gain privileges.
5. An elevation of privilege vulnerability in Azure Network Watcher VM Agent can be exploited remotely to gain privileges.

Original advisories

• CVE-2023-36415

• CVE-2023-36418
• CVE-2023-36419
• CVE-2023-36414
• CVE-2023-36561
• CVE-2023-36737

Related products

• Microsoft-Azure
• .NET

CVE list

• CVE-2023-36561
  unknown
• CVE-2023-36415
  unknown
• CVE-2023-36418
  unknown
• CVE-2023-36419
  unknown
• CVE-2023-36414
  unknown
• CVE-2023-36737
  unknown

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com