Lucene search

Kaspersky LabKLA62432

HistoryDec 13, 2023 - 12:00 a.m.

KLA62432 SUI vulnerability in Microsoft Developer Tools

2023-12-1300:00:00

Kaspersky Lab

threats.kaspersky.com

vulnerability

microsoft developer tools

spoofing

azure devops server

updates

kb section

windows update

cve-2023-21751

sui

microsoft azure

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.9%

JSON

A spoofing vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to spoof user interface.

Original advisories

CVE-2023-21751

Related products

Microsoft-Azure

CVE list

CVE-2023-21751 warning

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

Azure DevOps Server 2020.1.2

References

msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21751

statistics.securelist.com/

threats.kaspersky.com/en/product/Microsoft-Azure/

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.9%

JSON

Related for KLA62432