Vulnerabilities > CVE-2019-1372 - Unspecified vulnerability in Microsoft Azure APP Service ON Azure Stack

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

microsoft

critical

NVD

Published: 2019-10-10

Updated: 2020-08-24

Summary

An remote code execution vulnerability exists when Azure App Service/ Antares on Azure Stack fails to check the length of a buffer prior to copying memory to it.An attacker who successfully exploited this vulnerability could allow an unprivileged function run by the user to execute code in the context of NT AUTHORITY\system thereby escaping the Sandbox.The security update addresses the vulnerability by ensuring that Azure App Service sanitizes user inputs., aka 'Azure App Service Remote Code Execution Vulnerability'.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Azure APP Service ON Azure Stack 1.2 Microsoft Azure APP Service ON Azure Stack 1.3 Microsoft Azure APP Service ON Azure Stack 1.4 Microsoft Azure APP Service ON Azure Stack 1.5 Microsoft Azure APP Service ON Azure Stack 1.6	5

The Hacker News

id	THN:0C7E84207B4D65E7F360B825BEC52DF5
last seen	2020-01-30
modified	2020-01-30
published	2020-01-30
reporter	The Hacker News
source	https://thehackernews.com/2020/01/microsoft-azure-vulnerabilities.html
title	Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers

Summary

Vulnerable Configurations

The Hacker News

References