Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA12604
HistoryAug 09, 2022 - 12:00 a.m.

KLA12604 Multiple vulnerabilities in Microsoft Azure

2022-08-0900:00:00
Kaspersky Lab
threats.kaspersky.com
30
azure
vulnerabilities
privilege escalation
information disclosure
code execution
denial of service
remote exploitation

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

8.8

Confidence

High

EPSS

0.01

Percentile

84.2%

JSON

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability in Azure Site Recovery can be exploited remotely to gain privileges.
  2. An elevation of privilege vulnerability in Azure Batch Node Agent can be exploited remotely to gain privileges.
  3. An information disclosure vulnerability in Azure RTOS GUIX Studio can be exploited remotely to obtain sensitive information.
  4. A remote code execution vulnerability in Azure Site Recovery can be exploited remotely to execute arbitrary code.
  5. A remote code execution vulnerability in Azure RTOS GUIX Studio can be exploited remotely to execute arbitrary code.
  6. A denial of service vulnerability in Azure Site Recovery can be exploited remotely to cause denial of service.
  7. An elevation of privilege vulnerability in System Center Operations Manager: Open Management Infrastructure (OMI) can be exploited remotely to gain privileges.
  8. An information disclosure vulnerability in Azure Sphere can be exploited remotely to obtain sensitive information.

Original advisories

CVE-2022-35782

CVE-2022-35790

CVE-2022-33646

CVE-2022-35799

CVE-2022-35814

CVE-2022-35809

CVE-2022-35811

CVE-2022-35808

CVE-2022-34685

CVE-2022-35785

CVE-2022-35817

CVE-2022-35789

CVE-2022-35775

CVE-2022-35772

CVE-2022-35780

CVE-2022-35773

CVE-2022-35788

CVE-2022-35819

CVE-2022-35781

CVE-2022-35784

CVE-2022-35801

CVE-2022-35776

CVE-2022-35802

CVE-2022-33640

CVE-2022-35774

CVE-2022-30175

CVE-2022-35791

CVE-2022-35783

CVE-2022-35787

CVE-2022-34686

CVE-2022-35818

CVE-2022-35800

CVE-2022-35810

CVE-2022-35816

CVE-2022-35813

CVE-2022-35806

CVE-2022-35812

CVE-2022-35779

CVE-2022-30176

CVE-2022-34687

CVE-2022-35821

CVE-2022-35807

CVE-2022-35824

CVE-2022-35786

CVE-2022-35815

Related products

Microsoft-Azure

CVE list

CVE-2022-35782 high

CVE-2022-35790 high

CVE-2022-33646 high

CVE-2022-35799 high

CVE-2022-35814 high

CVE-2022-35809 high

CVE-2022-35811 high

CVE-2022-35808 high

CVE-2022-34685 high

CVE-2022-35785 high

CVE-2022-35817 high

CVE-2022-35789 high

CVE-2022-35775 high

CVE-2022-35772 high

CVE-2022-35780 high

CVE-2022-35773 critical

CVE-2022-35788 high

CVE-2022-35819 high

CVE-2022-35781 high

CVE-2022-35784 high

CVE-2022-35801 high

CVE-2022-35776 high

CVE-2022-35802 critical

CVE-2022-33640 critical

CVE-2022-35774 warning

CVE-2022-30175 critical

CVE-2022-35791 high

CVE-2022-35783 warning

CVE-2022-35787 warning

CVE-2022-34686 high

CVE-2022-35818 high

CVE-2022-35800 warning

CVE-2022-35810 high

CVE-2022-35816 high

CVE-2022-35813 high

CVE-2022-35806 critical

CVE-2022-35812 warning

CVE-2022-35779 critical

CVE-2022-30176 critical

CVE-2022-34687 critical

CVE-2022-35821 warning

CVE-2022-35807 high

CVE-2022-35824 high

CVE-2022-35786 high

CVE-2022-35815 high

KB list

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

  • Open Management InfrastructureAzure Site Recovery VMWare to AzureAzure SphereAzure Real Time Operating System GUIX StudioAzure Batch

References

Related

nessus 3
rapid7blog 1
nvd 39
mscve 35
cvelist 39
prion 35
cnvd 8
cve 36
kaspersky 1
osv 1
talos 1
nessus
nessus
Security Updates for Microsoft Azure Site Recovery (August 2022)
2022-08-30 00:00:00
Security Updates for Microsoft System Center Management Pack (August 2022)
2022-08-10 00:00:00
Security Updates for Microsoft Open Management Infrastructure (August 2022)
2022-08-10 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - August 2022
2022-08-09 19:34:51
nvd
nvd
CVE-2022-30175
2022-08-09 20:15:09
CVE-2022-34685
2022-08-09 20:15:10
CVE-2022-34686
2022-08-09 20:15:10
mscve
mscve
Azure RTOS GUIX Studio Information Disclosure Vulnerability
2022-08-09 07:00:00
Azure RTOS GUIX Studio Remote Code Execution Vulnerability
2022-08-09 07:00:00
Azure RTOS GUIX Studio Remote Code Execution Vulnerability
2022-08-09 07:00:00
cvelist
cvelist
CVE-2022-35816 Azure Site Recovery Elevation of Privilege Vulnerability
2022-08-09 20:10:59
CVE-2022-30175 Azure RTOS GUIX Studio Remote Code Execution Vulnerability
2022-08-09 19:48:50
CVE-2022-34686 Azure RTOS GUIX Studio Information Disclosure Vulnerability
2022-08-09 19:51:23
prion
prion
Privilege escalation
2022-08-09 20:15:00
Privilege escalation
2022-08-09 20:15:00
Remote code execution
2022-08-09 20:15:00
cnvd
cnvd
Microsoft Azure Site Recovery Remote Code Execution Vulnerability (CNVD-2022-67840)
2022-08-12 00:00:00
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-67841)
2022-08-12 00:00:00
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-67843)
2022-08-12 00:00:00
cve
cve
CVE-2022-34687
2022-08-09 20:15:10
CVE-2022-30175
2022-08-09 20:15:09
CVE-2022-35816
2022-08-09 20:15:14
kaspersky
kaspersky
KLA12607 PE vulnerability in Microsoft System Center
2022-08-09 00:00:00
osv
osv
CVE-2022-33640
2022-08-09 20:15:10
talos
talos
Microsoft Azure Sphere /proc/fdt mmap operation out-of-bounds read vulnerability
2022-08-17 00:00:00

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

AI Score

8.8

Confidence

High

EPSS

0.01

Percentile

84.2%

JSON
Related for KLA12604
nessus3rapid7blog1nvd39mscve35cvelist39prion35cnvd8cve36kaspersky1osv1talos1