Lucene search
Nitesh Surana (@_niteshsurana) of Project Nebula, Trend Micro ResearchZDI-23-880HistoryJun 16, 2023 - 12:00 a.m.
Microsoft Azure Machine Learning Service DSIMountAgent Missing Authentication Information Disclosure Vulnerability
2023-06-1600:00:00
Nitesh Surana (@_niteshsurana) of Project Nebula, Trend Micro Research
www.zerodayinitiative.com
12
microsoft azure
machine learning
dsimountagent
information disclosure
tcp port 46802
authentication
vulnerability
compromise
0.001 Low
EPSS
Percentile
21.8%
This vulnerability allows local attackers to disclose sensitive information on Microsoft Azure. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DSIMountAgent service, which listens on TCP port 46802 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose sensitive information, leading to further compromise.
Related
cvelist
cvelist
CVE-2023-28312 Azure Machine Learning Information Disclosure Vulnerability
2023-04-11 19:14:03
prion
prion
Information disclosure
2023-04-11 21:15:00
nvd
nvd
CVE-2023-28312
2023-04-11 21:15:28
zdi
zdi
mscve
mscve
Azure Machine Learning Information Disclosure Vulnerability
2023-04-11 07:00:00
vulnrichment
vulnrichment
CVE-2023-28312 Azure Machine Learning Information Disclosure Vulnerability
2023-04-11 19:14:03
cve
cve
CVE-2023-28312
2023-04-11 21:15:28
kaspersky
kaspersky
KLA48837 Multiple vulnerabilities in Microsoft Azure
2023-04-11 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - April 2023
2023-04-11 22:49:56