Rewterz Threat Advisory – Multiple Microsoft Azure Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-21777 CVSS:8.7

Microsoft Azure App Service could allow a local authenticated attacker to gain elevated privileges on the system. By executing a specially crafted program, the attacker could exploit this vulnerability to escape the sandbox and elevate privileges.

CVE-2023-23382 CVSS:6.5

Microsoft Azure Machine Learning could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw in the Compute Instance component. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain cleartext passwords from error logs and then use this information to launch further attacks against the affected system.

Impact

  • Privilege Escalation
  • Information Disclosure

Indicators Of Compromise

CVE

  • CVE-2023-21777
  • CVE-2023-23382

Affected Vendors

Microsoft

Affected Products

  • Microsoft Azure Machine Learning
  • Microsoft Azure App Service on Azure Stack

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.

CVE-2023-21777

CVE-2023-23382