critical

Azurescape

Published Thu, Sep 9th, 2021

Platforms

azure

Summary

Cross-account container escape

Affected Services

ACI

Remediation

Revoking any privileged credentials that were deployed to the platform before Aug. 31, 2021, and checking their access logs for irregularities.

Tracked CVEs

No tracked CVEs

References

https://unit42.paloaltonetworks.com/azure-container-instances/

Contributed by https://github.com/0xdabbad00

Entry Status

Finalized

Disclosure Date

Thu, Sep 9th, 2021

Exploitability Period

-

Known ITW Exploitation

-

Detection Methods

None

Piercing Index Rating

9.19

(PI:1.5/A1:20/A2:1.1/A7:1.1/A8:1.1)

Discovered by

Yuval Avrahami, Palo Alto

More vulnerabilities...

critical

ChaosDB

azure

Azure's Cosmos DB database service was vulnerable to remote account takeover. Any Azure user could gain full admin access to other customers' Cosmos DB instances without authorization. The vulnerab...

Nir Ohfeld, Sagi Tzadik, Wiz
medium

Lightsail object storage access keys logged

aws

Lightsail object storage allows the creation of access keys which were logged to CloudTrail (both access key and secret key)

Scott Piper, Summit Route
medium

DHCP abuse for code exec

gcp

Under certain conditions, an attacker can flood DHCP packets to the victim VM, allowing it to impersonate the Metadata server, and grant themselves SSH access.

Imre Rad
View all