Azure Arc-Enabled Servers Elevation of Privilege Vulnerability
CVE-2023-38176

7HIGH

Key Information:

Vendor: Microsoft
Status: Azure Arc-enabled Servers
Vendor: CVE Published:; 8 August 2023

Summary

This vulnerability in Azure Arc-Enabled Servers could allow attackers to gain higher privileges within the system, potentially leading to unauthorized access and manipulation of sensitive information. Organizations utilizing Azure Arc must ensure that they apply the latest security updates and apply best practices to mitigate the risks associated with this vulnerability.

Affected Version(s)

Azure Arc-Enabled Servers Unknown 1.0.0.0 < 1.33.02399.0

References

https://msrc.microsoft.com/update-guide/vulnerability/CVE...

vendor-advisory

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 8, 2023
Vulnerability Reserved
Jul 12, 2023