KLA60565
Multiple vulnerabilities in Microsoft Azure

Обновлено: 29/09/2023
Дата обнаружения
12/09/2023
Уровень угрозы
Critical
Описание

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Microsoft Identity Linux Broker can be exploited remotely to execute arbitrary code.
  2. A remote code execution vulnerability in Azure DevOps Server can be exploited remotely to gain privileges.
  3. An elevation of privilege vulnerability in Azure HDInsight Apache Ambari can be exploited remotely to gain privileges.
  4. An elevation of privilege vulnerability in Microsoft Azure Kubernetes Service can be exploited remotely to gain privileges.
  5. A remote code execution vulnerability in Azure DevOps Server can be exploited remotely to execute arbitrary code.
Пораженные продукты

Microsoft Identity Linux Broker
Azure DevOps Server 2022.0.1
Azure HDInsights
Azure Kubernetes Service

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2023-36736
CVE-2023-38155
CVE-2023-38156
CVE-2023-29332
CVE-2023-33136
Оказываемое влияние
?
ACE 
[?]

PE 
[?]
Связанные продукты
Microsoft Azure
CVE-IDS
CVE-2023-381555.0Warning
CVE-2023-331365.0Warning
CVE-2023-367365.0Warning
CVE-2023-381565.0Warning
CVE-2023-293325.0Warning