History: Jul 12, 2022 - 12:00 a.m.

KLA12582 Multiple vulnerabilities in Microsoft Azure

2022-07-12 00:00:00
Kaspersky Lab
threats.kaspersky.com

CVSS2: 6.5 Medium

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
  • Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3: 8.3 High

  • Attack Vector: ADJACENT
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: LOW
  • Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

AI Score: 8.4 High (Confidence: Low)

EPSS: 0.012 Low (Percentile: 85.2%)

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, and obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Azure Site Recovery can be exploited remotely to execute arbitrary code.
  2. An elevation of privilege vulnerability in Azure Site Recovery can be exploited remotely to gain privileges.
  3. An information disclosure vulnerability in Azure Storage Library can be exploited remotely to obtain sensitive information.

Original advisories

CVE-2022-33676

CVE-2022-33666

CVE-2022-33660

CVE-2022-33672

CVE-2022-33643

CVE-2022-33667

CVE-2022-33664

CVE-2022-33661

CVE-2022-33658

CVE-2022-33657

CVE-2022-33659

CVE-2022-33673

CVE-2022-30187

CVE-2022-33653

CVE-2022-33669

CVE-2022-33650

CVE-2022-33674

CVE-2022-33665

CVE-2022-33656

CVE-2022-33641

CVE-2022-33642

CVE-2022-33662

CVE-2022-33675

CVE-2022-30181

CVE-2022-33663

CVE-2022-33655

CVE-2022-33671

CVE-2022-33678

CVE-2022-33668

CVE-2022-33654

CVE-2022-33652

CVE-2022-33651

CVE-2022-33677

Related products

Microsoft-Azure

CVE list

CVE-2022-33676 high

CVE-2022-33666 high

CVE-2022-33660 warning

CVE-2022-33672 high

CVE-2022-33643 high

CVE-2022-33667 high

CVE-2022-33664 warning

CVE-2022-33661 high

CVE-2022-33658 warning

CVE-2022-33657 high

CVE-2022-33659 warning

CVE-2022-33673 high

CVE-2022-30187 warning

CVE-2022-33653 warning

CVE-2022-33669 warning

CVE-2022-33650 warning

CVE-2022-33674 critical

CVE-2022-33665 high

CVE-2022-33656 high

CVE-2022-33641 high

CVE-2022-33642 warning

CVE-2022-33662 high

CVE-2022-33675 critical

CVE-2022-30181 high

CVE-2022-33663 high

CVE-2022-33655 high

CVE-2022-33671 warning

CVE-2022-33678 high

CVE-2022-33668 warning

CVE-2022-33654 warning

CVE-2022-33652 warning

CVE-2022-33651 warning

CVE-2022-33677 high

KB list

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Impacts

  • ACE: Arbitrary code execution. Exploiting vulnerabilities with this impact can allow an attacker to execute any code or commands on the vulnerable machine or process.

  • OSI: Obtain sensitive information. Exploiting vulnerabilities with this impact can allow an attacker to capture information that is critical for the user or system.

  • PE: Privilege escalation. Exploiting vulnerabilities with this impact can allow an attacker to perform actions that are normally disallowed for the current role.

Affected Products

  • Azure Storage Queues client library for Python
  • Azure Storage Blobs client library for Java
  • Azure Site Recovery VMWare to Azure
  • Azure Storage Queues client library for .NET
  • Azure Storage Blobs client library for .NET
