medium

Azure App Service on Azure Stack Hub privilege escalation

Published Tue, Feb 14th, 2023
Platforms

Summary

A privilege escalation vulnerability was discovered in Azure App Service on Azure Stack Hub (an on-prem private cloud offering). To exploit this vulnerability, an attacker must have access to the targeted worker role and the ability to deploy a malicious application within the worker. The attack itself is carried out locally on the worker role where a malicious application has been deployed. Exploiting this vulnerability could grant an attacker the ability to access and modify content of a targeted application or workload, allowing them to interact with other tenants' applications and content.

Affected Services

Azure App Service on Azure Stack Hub

Remediation

Users of Azure App Service on Azure Stack Hub must update their instances to version 2302 by installing the patch available from Microsoft.

Tracked CVEs

CVE-2023-21777

References

Disclosure Date
-
Exploitability Period
-
Known ITW Exploitation
-
Detection Methods
-
Piercing Index Rating
-
Discovered by
Ruslan Sayfiev, Denis Faiustov, GMO Cyber Security