5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.081 Low
EPSS
Percentile
94.4%
Microsoft is aware of a publicly disclosed remote denial of service vulnerability for OpenSSL version 1.1.1d and newer. Previous versions prior to 1.1.1d are unaffected.
The vulnerability is fixed in version 1.1.1g. For more information, please see the OpenSSL security advisory.
Microsoft has confirmed Windows is not affected by this vulnerability. We are currently investigating the wider impact and are applying mitigations to services as needed.
If you are running a Linux VM or have installed any products that use OpenSSL on Azure, please review the version on your system. We recommend that you check the security blog for the distro you are using.
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.081 Low
EPSS
Percentile
94.4%