Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA20234
HistoryFeb 14, 2023 - 12:00 a.m.

KLA20234 Multiple vulnerabilities in Microsoft Azure

2023-02-1400:00:00
Kaspersky Lab
threats.kaspersky.com
12
microsoft azure
vulnerabilities
sensitive information
privileges
arbitrary code
user interface

8.7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

8.5 High

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.1%

JSON

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, execute arbitrary code, spoof user interface.

Below is a complete list of vulnerabilities:

  1. An information disclosure vulnerability in Azure Machine Learning Compute Instance can be exploited remotely to obtain sensitive information.
  2. An elevation of privilege vulnerability in Azure App Service on Azure Stack Hub can be exploited remotely to gain privileges.
  3. A remote code execution vulnerability in Azure Data Box Gateway can be exploited remotely to execute arbitrary code.
  4. A spoofing vulnerability in Azure DevOps Server 2022 can be exploited remotely to spoof user interface.

Original advisories

CVE-2023-23382

CVE-2023-21777

CVE-2023-21703

CVE-2023-21564

Related products

Microsoft-Edge

Microsoft-Azure

CVE list

CVE-2023-23382 high

CVE-2023-21777 critical

CVE-2023-21703 high

CVE-2023-21564 high

KB list

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

  • SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

  • Azure App Service on Azure Stack HubAzure Data Box GatewayAzure Stack EdgeAzure DevOps Server 2022Azure Machine Learning

Related

nessus 1
vulnrichment 2
cve 4
mscve 4
cvelist 4
nvd 4
prion 4
zdi 1
rapid7blog 1
nessus
nessus
Azure DevOps Server 2022 XSS
2023-07-07 00:00:00
vulnrichment
vulnrichment
CVE-2023-21564 Azure DevOps Server Cross-Site Scripting Vulnerability
2023-02-14 19:33:48
CVE-2023-21777 Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability
2023-02-14 19:32:37
cve
cve
CVE-2023-21564
2023-02-14 20:15:11
CVE-2023-21777
2023-02-14 20:15:14
CVE-2023-23382
2023-02-14 20:15:17
mscve
mscve
Azure DevOps Server Cross-Site Scripting Vulnerability
2023-02-14 08:00:00
Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability
2023-02-14 08:00:00
Azure Machine Learning Compute Instance Information Disclosure Vulnerability
2023-02-14 08:00:00
cvelist
cvelist
CVE-2023-21564 Azure DevOps Server Cross-Site Scripting Vulnerability
2023-02-14 19:33:48
CVE-2023-21777 Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability
2023-02-14 19:32:37
CVE-2023-23382 Azure Machine Learning Compute Instance Information Disclosure Vulnerability
2023-02-14 19:32:59
nvd
nvd
CVE-2023-21777
2023-02-14 20:15:14
CVE-2023-21564
2023-02-14 20:15:11
CVE-2023-23382
2023-02-14 20:15:17
prion
prion
Cross site scripting
2023-02-14 20:15:00
Privilege escalation
2023-02-14 20:15:00
Information disclosure
2023-02-14 20:15:00
zdi
zdi
Microsoft Azure Machine Learning Service Cleartext Storage of Credentials Information Disclosure Vulnerability
2023-02-24 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - February 2023
2023-02-15 00:41:59

8.7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

8.5 High

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.1%

JSON
Related for KLA20234
nessus1vulnrichment2cve4mscve4cvelist4nvd4prion4zdi1rapid7blog1