Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA20046
HistoryNov 08, 2022 - 12:00 a.m.

KLA20046 Multiple vulnerabilities in Microsoft Azure

2022-11-0800:00:00
Kaspersky Lab
threats.kaspersky.com
9

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

71.1%

JSON

Detect date:

11/08/2022

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges.

Affected products:

Azure CycleCloud 8
Azure EFLOW
Azure CLI
Azure RTOS GUIX Studio
Azure CycleCloud 7

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2022-41051
CVE-2022-38014
CVE-2022-41085
CVE-2022-39327

Impacts:

ACE

Related products:

Microsoft Azure

CVE-IDS:

CVE-2022-380147.0High
CVE-2022-410517.8Critical
CVE-2022-410857.5Critical
CVE-2022-393279.8Critical

Microsoft official advisories:

Related

prion 4
nessus 1
mscve 4
cve 4
github 1
osv 3
debiancve 1
veracode 1
ubuntucve 1
kaspersky 1
wallarmlab 1
rapid7blog 1
prion
prion
Privilege escalation
2022-11-09 22:15:00
Code injection
2022-10-25 17:15:00
Remote code execution
2022-11-09 22:15:00
nessus
nessus
Security Updates for Azure CycleCloud (Nov 2022)
2023-01-25 00:00:00
mscve
mscve
Azure CycleCloud Elevation of Privilege Vulnerability
2022-11-08 08:00:00
GitHub: CVE-2022-39327 Improper Control of Generation of Code ('Code Injection') in Azure CLI
2022-11-08 08:00:00
Azure RTOS GUIX Studio Remote Code Execution Vulnerability
2022-11-08 08:00:00
cve
cve
CVE-2022-41085
2022-11-09 22:15:00
CVE-2022-39327
2022-10-25 17:15:00
CVE-2022-38014
2022-11-09 22:15:00
github
github
Improper Control of Generation of Code ('Code Injection') in Azure CLI
2022-10-25 19:56:51
osv
osv
CVE-2022-39327
2022-10-25 17:15:56
Improper Control of Generation of Code ('Code Injection') in Azure CLI
2022-10-25 19:56:51
BIT-azure-cli-2022-39327
2024-03-06 10:50:38
debiancve
debiancve
CVE-2022-39327
2022-10-25 17:15:00
veracode
veracode
Arbitrary Code Injection
2022-10-26 04:18:56
ubuntucve
ubuntucve
CVE-2022-39327
2022-10-25 00:00:00
kaspersky
kaspersky
KLA20043 PE vulnerability in Microsoft Open Source Software
2022-11-08 00:00:00
wallarmlab
wallarmlab
Azure CLI Code Injection CVE-2022-39327 hits 9.8/10 CVSS score
2022-10-29 07:51:10
rapid7blog
rapid7blog
Patch Tuesday - November 2022
2022-11-08 20:02:57

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

71.1%

JSON
Related for KLA20046
prion4nessus1mscve4cve4github1osv3debiancve1veracode1ubuntucve1kaspersky1wallarmlab1rapid7blog1