Lucene search
AnonymousZDI-22-495HistoryMar 09, 2022 - 12:00 a.m.
Microsoft Azure Defender for IoT Password Change Command Injection Local Privilege Escalation Vulnerability
2022-03-0900:00:00
Anonymous
www.zerodayinitiative.com
13
0.03 Low
EPSS
Percentile
91.0%
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Azure Defender for IoT. An attacker must first obtain the ability to execute code as the www-data user on the target system in order to exploit this vulnerability. The specific flaw exists within the password change mechanism. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root.
Related
cve
cve
CVE-2022-23265
2022-03-09 17:15:10
cvelist
cvelist
mscve
mscve
Microsoft Defender for IoT Remote Code Execution Vulnerability
2022-03-08 08:00:00
cnvd
cnvd
Microsoft Defender code injection vulnerability
2022-03-09 00:00:00
nvd
nvd
CVE-2022-23265
2022-03-09 17:15:10
prion
prion
Remote code execution
2022-03-09 17:15:00
kaspersky
kaspersky
KLA12481 Multiple vulnerabilities in Microsoft System Center
2022-03-08 00:00:00
avleonov
avleonov
Microsoft Patch Tuesday March 2022
2022-03-14 17:33:28
rapid7blog
rapid7blog
Patch Tuesday - March 2022
2022-03-08 21:08:35