KLA12140
Multiple vulnerabilities in Microsoft Azure

Обновлено: 22/04/2021
Дата обнаружения
13/04/2021
Уровень угрозы
Critical
Описание

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges.

Below is a complete list of vulnerabilities:

  1. An unsigned code execution vulnerability in Azure Sphere can be exploited remotely to execute arbitrary code.
  2. An elevation of privilege vulnerability in Azure ms-rest-nodeauth Library can be exploited remotely to gain privileges.
Пораженные продукты

@azure/ms-rest-nodeauth
Azure Sphere

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2021-28460
CVE-2021-28458
Оказываемое влияние
?
ACE 
[?]

PE 
[?]
Связанные продукты
Microsoft Azure
CVE-IDS