Kaspersky LabKLA12582KLA12582 Multiple vulnerabilities in Microsoft Azure
8.3 High
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
7.9 High
AI Score
Confidence
High
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.015 Low
EPSS
Percentile
86.6%
Detect date:
07/12/2022
Severity:
High
Description:
Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information.
Affected products:
Azure Storage Queues client library for Python
Azure Storage Blobs client library for Java
Azure Site Recovery VMWare to Azure
Azure Storage Queues client library for .NET
Azure Storage Blobs client library for .NET
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
CVE-2022-33676
CVE-2022-33666
CVE-2022-33660
CVE-2022-33672
CVE-2022-33643
CVE-2022-33667
CVE-2022-33664
CVE-2022-33661
CVE-2022-33658
CVE-2022-33657
CVE-2022-33659
CVE-2022-33673
CVE-2022-30187
CVE-2022-33653
CVE-2022-33669
CVE-2022-33650
CVE-2022-33674
CVE-2022-33665
CVE-2022-33656
CVE-2022-33641
CVE-2022-33642
CVE-2022-33662
CVE-2022-33675
CVE-2022-30181
CVE-2022-33663
CVE-2022-33655
CVE-2022-33671
CVE-2022-33678
CVE-2022-33668
CVE-2022-33654
CVE-2022-33652
CVE-2022-33651
CVE-2022-33677
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2022-336767.2High
CVE-2022-336666.5High
CVE-2022-336604.9Warning
CVE-2022-336726.5High
CVE-2022-336436.5High
CVE-2022-336676.5High
CVE-2022-336644.9Warning
CVE-2022-336616.5High
CVE-2022-336584.9Warning
CVE-2022-336576.5High
CVE-2022-336594.9Warning
CVE-2022-336736.5High
CVE-2022-301874.7Warning
CVE-2022-336534.9Warning
CVE-2022-336694.9Warning
CVE-2022-336504.9Warning
CVE-2022-336748.3Critical
CVE-2022-336656.5High
CVE-2022-336566.5High
CVE-2022-336416.5High
CVE-2022-336424.9Warning
CVE-2022-336626.5High
CVE-2022-336757.8Critical
CVE-2022-301816.5High
CVE-2022-336636.5High
CVE-2022-336556.5High
CVE-2022-336714.9Warning
CVE-2022-336787.2High
CVE-2022-336684.9Warning
CVE-2022-336544.9Warning
CVE-2022-336524.9Warning
CVE-2022-336514.9Warning
CVE-2022-336777.2High
Microsoft official advisories:
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30181
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30187
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33641
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33642
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33643
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33650
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33651
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33652
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33653
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33654
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33655
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33656
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33657
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33658
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33659
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33660
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33661
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33662
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33663
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33664
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33665
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33666
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33667
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33668
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33669
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33671
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33672
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33673
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33674
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33675
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33676
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33677
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-33678
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30181
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30187
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33641
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33642
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33643
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33650
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33651
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33652
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33653
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33654
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33655
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33656
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33657
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33658
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33659
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33660
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33661
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33662
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33663
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33664
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33665
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33666
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33667
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33668
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33669
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33671
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33672
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33673
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33674
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33675
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33676
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33677
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-33678
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Microsoft-Azure/
Related
8.3 High
CVSS3
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
7.9 High
AI Score
Confidence
High
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.015 Low
EPSS
Percentile
86.6%