Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA12338
HistoryNov 09, 2021 - 12:00 a.m.

KLA12338 Multiple vulnerabilities in Microsoft Azure

2021-11-0900:00:00
Kaspersky Lab
threats.kaspersky.com
11

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

37.2%

JSON

Detect date:

11/09/2021

Severity:

High

Description:

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to obtain sensitive information, gain privileges, spoof user interface.

Affected products:

Azure Sphere
Azure RTOS
FSLogix

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2021-42301
CVE-2021-42304
CVE-2021-26444
CVE-2021-41375
CVE-2021-41374
CVE-2021-42303
CVE-2021-42300
CVE-2021-42323
CVE-2021-41376
CVE-2021-42302
CVE-2021-41373

Impacts:

OSI

Related products:

Microsoft Azure

Related

cnvd 10
prion 11
mscve 11
talos 2
cve 11
nessus 1
cnvd
cnvd
Microsoft Azure Sphere Input Validation Error Vulnerability
2021-11-10 00:00:00
Microsoft Azure Privilege Permission and Access Control Issue Vulnerability (CNVD-2021-94962)
2021-11-10 00:00:00
Microsoft Azure Privilege Permission and Access Control Issue Vulnerability (CNVD-2021-94963)
2021-11-10 00:00:00
prion
prion
Privilege escalation
2021-11-10 01:19:00
Privilege escalation
2021-11-10 01:19:00
Information disclosure
2021-11-10 01:19:00
mscve
mscve
Azure RTOS Elevation of Privilege Vulnerability
2021-11-09 08:00:00
Azure Sphere Information Disclosure Vulnerability
2021-11-09 08:00:00
FSLogix Information Disclosure Vulnerability
2021-11-09 08:00:00
talos
talos
Microsoft Azure Sphere Security Monitor SMSyscallStageBaseManifests image validation signature check bypass vulnerability
2021-11-09 00:00:00
Microsoft Azure Sphere Security Monitor SMSyscallStageBaseManifests offset calculation out-of-bounds read vulnerability
2021-11-09 00:00:00
cve
cve
CVE-2021-41374
2021-11-10 01:19:00
CVE-2021-26444
2021-11-10 01:16:00
CVE-2021-42304
2021-11-10 01:19:00
nessus
nessus
Security Updates for Microsoft FSLogix Apps (November 2021)
2021-11-09 00:00:00

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

37.2%

JSON
Related for KLA12338
cnvd10prion11mscve11talos2cve11nessus1