KLA65131 Multiple vulnerabilities in Microsoft Azure

2024-03-12 00:00:00
Kaspersky Lab
threats.kaspersky.com
microsoft azure
vulnerabilities
privileges
arbitrary code
exploits
sdk
open management infrastructure
sonic
sentinel
automation
kubernetes
update management
container monitoring
security center
data studio
log analytics agent
ace
cve-ids
microsoft official advisories

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.6 High (Confidence: High)

CVSS2: 7.5 High

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.001 Low (Percentile: 38.1%)

Detect date:

03/12/2024

Severity:

High

Description:

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges, spoof the user interface, and execute arbitrary code.

Exploitation:

Public exploits exist for this vulnerability.

Affected products:

Azure SDK
Open Management Infrastructure
Software for Open Networking in the Cloud (SONiC) 201911
Azure Sentinel
Software for Open Networking in the Cloud (SONiC) 202012
Azure Automation Update Management
Container Monitoring Solution
Azure Kubernetes Service Confidential Containers
Operations Management Suite Agent for Linux (OMS)
Azure Automation
Azure Security Center
Software for Open Networking in the Cloud (SONiC) 201811
Azure Data Studio
Software for Open Networking in the Cloud (SONiC) 202205
Log Analytics Agent

Solution:

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Original advisories:

CVE-2024-26203
CVE-2024-21421
CVE-2024-21400
CVE-2024-21334
CVE-2024-21330
CVE-2024-21418

Impacts:

ACE

Related products:

Microsoft Azure

CVE-IDS:

CVE-2024-21334    9.8    Critical
CVE-2024-21330    7.8    Critical
CVE-2024-26203    7.3    High
CVE-2024-21421    7.5    Critical
CVE-2024-21400    9.0    Critical
CVE-2024-21418    7.8    Critical

Microsoft official advisories:
