Lucene search

Kaspersky LabKLA20119

HistoryDec 13, 2022 - 12:00 a.m.

KLA20119 SB vulnerability in Microsoft Azure

2022-12-1300:00:00

Kaspersky Lab

threats.kaspersky.com

microsoft azure

security vulnerability

malicious users

bypass security restrictions

update

kb section

azure network watcher vm extension

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.7%

JSON

Security vulnerability was found in Microsoft Azure. Malicious users can exploit this vulnerability to bypass security restrictions.

Original advisories

CVE-2022-44699

Related products

Microsoft-Azure

CVE list

CVE-2022-44699 high

KB list

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

Azure Network Watcher VM Extension

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44699

statistics.securelist.com/

threats.kaspersky.com/en/product/Microsoft-Azure/

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.7%

JSON

Related for KLA20119