Azure Identity SDK Remote Code Execution Vulnerability
CVE-2023-36414

8.8HIGH

Key Information:

Vendor: Microsoft
Status: Azure Identity Sdk For .net
Vendor: CVE Published:; 10 October 2023

Summary

The Azure Identity SDK contains a remote code execution vulnerability that could allow an attacker to execute arbitrary code on the affected systems. This flaw presents significant security risks, especially in environments where Azure Identity SDK is utilized for identity management and authentication. Organizations using vulnerable versions of the Azure Identity SDK are strongly encouraged to review Microsoft’s advisory and apply necessary patches to mitigate risks.

Affected Version(s)

Azure Identity SDK for .NET Unknown 1.0.0 < 1.10.2

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 10, 2023
Vulnerability Reserved
Jun 21, 2023