Lucene search
Nitesh Surana (@_niteshsurana) of Project Nebula, Trend Micro ResearchZDI-23-380HistoryApr 11, 2023 - 12:00 a.m.
Microsoft Azure Machine Learning Service DSIMountAgent Missing Authentication Information Disclosure Vulnerability
2023-04-1100:00:00
Nitesh Surana (@_niteshsurana) of Project Nebula, Trend Micro Research
www.zerodayinitiative.com
12
microsoft azure
machine learning
dsimountagent
authentication
information disclosure
vulnerability
tcp
port 46802
network-adjacent
attackers
sensitive information
compromise
0.001 Low
EPSS
Percentile
21.8%
This vulnerability allows network-adjacent attackers to disclose sensitive information on Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DSIMountAgent service, which listens on TCP port 46802 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose sensitive information, leading to further compromise.
Related
prion
prion
Information disclosure
2023-04-11 21:15:00
cvelist
cvelist
CVE-2023-28312 Azure Machine Learning Information Disclosure Vulnerability
2023-04-11 19:14:03
nvd
nvd
CVE-2023-28312
2023-04-11 21:15:28
mscve
mscve
Azure Machine Learning Information Disclosure Vulnerability
2023-04-11 07:00:00
vulnrichment
vulnrichment
CVE-2023-28312 Azure Machine Learning Information Disclosure Vulnerability
2023-04-11 19:14:03
cve
cve
CVE-2023-28312
2023-04-11 21:15:28
zdi
zdi
kaspersky
kaspersky
KLA48837 Multiple vulnerabilities in Microsoft Azure
2023-04-11 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - April 2023
2023-04-11 22:49:56