Rewterz Threat Advisory – Multiple Microsoft Azure Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-36052 CVSS:8.6

Microsoft Azure could allow a remote attacker to obtain sensitive information, caused by a flaw in the CLI REST Command component. By executing a specially crafted program, an attacker could exploit this vulnerability to obtain plaintext usernames and passwords from log files and use this information to launch further attacks against the affected system.

CVE-2023-36043 CVSS:6.5

Microsoft Azure could allow a local authenticated attacker to obtain sensitive information, caused by a flaw in the Open Management Infrastructure component. By persuading a victim to open a specially crafted content, an attacker could exploit this vulnerability to obtain privileged credentials from trace logs and use this information to launch further attacks against the affected system.

CVE-2023-36437 CVSS:8.8

Microsoft Azure DevOps Server could allow a remote attacker to execute arbitrary code on the system. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

• Information Disclosure
• Code Execution

Indicators Of Compromise

CVE

• CVE-2023-36052
• CVE-2023-36043
• CVE-2023-36437

Affected Vendors

Microsoft

Affected Products

• Microsoft Azure Network Watcher VM Extension
• Microsoft System Center Operations Manager (SCOM) 2016
• Microsoft System Center Operations Manager (SCOM) 2019
• Microsoft System Center Operations Manager (SCOM) 2022
• Microsoft Azure Pipelines Agent

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

CVE-2023-36052

CVE-2023-36043

CVE-2023-36437