Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA12604
HistoryAug 09, 2022 - 12:00 a.m.

KLA12604 Multiple vulnerabilities in Microsoft Azure

2022-08-0900:00:00
Kaspersky Lab
threats.kaspersky.com
20

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

8 High

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:M/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

85.3%

JSON

Detect date:

08/09/2022

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, execute arbitrary code, cause denial of service.

Affected products:

Open Management Infrastructure
Azure Site Recovery VMWare to Azure
Azure Sphere
Azure Real Time Operating System GUIX Studio
Azure Batch

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2022-35782
CVE-2022-35790
CVE-2022-33646
CVE-2022-35799
CVE-2022-35814
CVE-2022-35809
CVE-2022-35811
CVE-2022-35808
CVE-2022-34685
CVE-2022-35785
CVE-2022-35817
CVE-2022-35789
CVE-2022-35775
CVE-2022-35772
CVE-2022-35780
CVE-2022-35773
CVE-2022-35788
CVE-2022-35819
CVE-2022-35781
CVE-2022-35784
CVE-2022-35801
CVE-2022-35776
CVE-2022-35802
CVE-2022-33640
CVE-2022-35774
CVE-2022-30175
CVE-2022-35791
CVE-2022-35783
CVE-2022-35787
CVE-2022-34686
CVE-2022-35818
CVE-2022-35800
CVE-2022-35810
CVE-2022-35816
CVE-2022-35813
CVE-2022-35806
CVE-2022-35812
CVE-2022-35779
CVE-2022-30176
CVE-2022-34687
CVE-2022-35821
CVE-2022-35807
CVE-2022-35824
CVE-2022-35786
CVE-2022-35815

Impacts:

ACE

Related products:

Microsoft Azure

CVE-IDS:

CVE-2022-357826.5High
CVE-2022-357906.5High
CVE-2022-336467.0High
CVE-2022-357996.5High
CVE-2022-358146.5High
CVE-2022-358096.5High
CVE-2022-358116.5High
CVE-2022-358086.5High
CVE-2022-346855.5High
CVE-2022-357856.5High
CVE-2022-358176.5High
CVE-2022-357896.5High
CVE-2022-357756.5High
CVE-2022-357727.2High
CVE-2022-357806.5High
CVE-2022-357737.8Critical
CVE-2022-357886.5High
CVE-2022-358196.5High
CVE-2022-357816.5High
CVE-2022-357846.5High
CVE-2022-358016.5High
CVE-2022-357766.2High
CVE-2022-358028.1Critical
CVE-2022-336407.8Critical
CVE-2022-357744.9Warning
CVE-2022-301757.8Critical
CVE-2022-357916.5High
CVE-2022-357834.4Warning
CVE-2022-357874.9Warning
CVE-2022-346865.5High
CVE-2022-358186.5High
CVE-2022-358004.9Warning
CVE-2022-358106.5High
CVE-2022-358166.5High
CVE-2022-358136.5High
CVE-2022-358067.8Critical
CVE-2022-358124.9Warning
CVE-2022-357797.8Critical
CVE-2022-301767.8Critical
CVE-2022-346877.8Critical
CVE-2022-358214.4Warning
CVE-2022-358076.5High
CVE-2022-358247.2High
CVE-2022-357866.5High
CVE-2022-358156.5High

Microsoft official advisories:

References

Related

nessus 3
rapid7blog 1
prion 45
mscve 45
cnvd 10
cve 45
talos 1
kaspersky 1
osv 1
qualysblog 1
nessus
nessus
Security Updates for Microsoft Azure Site Recovery (August 2022)
2022-08-30 00:00:00
Security Updates for Microsoft System Center Management Pack (August 2022)
2022-08-10 00:00:00
Security Updates for Microsoft Open Management Infrastructure (August 2022)
2022-08-10 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - August 2022
2022-08-09 19:34:51
prion
prion
Privilege escalation
2022-08-09 20:15:00
Privilege escalation
2022-08-09 20:15:00
Privilege escalation
2022-08-09 20:15:00
mscve
mscve
Azure RTOS GUIX Studio Information Disclosure Vulnerability
2022-08-09 07:00:00
Azure RTOS GUIX Studio Remote Code Execution Vulnerability
2022-08-09 07:00:00
Azure Site Recovery Elevation of Privilege Vulnerability
2022-08-09 07:00:00
cnvd
cnvd
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-84111)
2022-08-11 00:00:00
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-67841)
2022-08-12 00:00:00
Microsoft Azure Site Recovery Elevation of Privilege Vulnerability (CNVD-2022-67844)
2022-08-12 00:00:00
cve
cve
CVE-2022-35799
2022-08-09 20:15:00
CVE-2022-34687
2022-08-09 20:15:00
CVE-2022-35802
2022-08-09 20:15:00
talos
talos
Microsoft Azure Sphere /proc/fdt mmap operation out-of-bounds read vulnerability
2022-08-17 00:00:00
kaspersky
kaspersky
KLA12607 PE vulnerability in Microsoft System Center
2022-08-09 00:00:00
osv
osv
CVE-2022-33640
2022-08-09 20:15:10
qualysblog
qualysblog
August 2022 Patch Tuesday | Microsoft Releases 121 Vulnerabilities with 17 Critical, plus 20 Microsoft Edge (Chromium-Based); Adobe Releases 5 Advisories, 25 Vulnerabilities with 15 Critical.
2022-08-09 20:00:00

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

8 High

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

MULTIPLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:M/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

85.3%

JSON
Related for KLA12604
nessus3rapid7blog1prion45mscve45cnvd10cve45talos1kaspersky1osv1qualysblog1