CVE-2021-27075
Published 2021-03-11
CVE-2021-27075: Azure Virtual Machine Information Disclosure Vulnerability
Priority P426 · medium · 6.8 · CVSS 3.1
AV:A / AC:L / PR:L / UI:N / S:C / C:H / I:N / A:N
EPSS: 1.34% (67.8th percentile)
Azure Virtual Machine Information Disclosure Vulnerability
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | azure_container_instance | — | — |
| microsoft | azure_kubernetes_service | >= 1.0 < publication | publication |
| microsoft | azure_service_fabric | — | — |
| microsoft | azure_spring_cloud | — | — |
| msrc | azure_container_instance | — | — |
| msrc | azure_kubernetes_service | — | — |
| msrc | azure_service_fabric | — | — |
| msrc | azure_spring_cloud | — | — |
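CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.8 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
| nvd | v2.0 | 2.7 | LOW | AV:A/AC:L/Au:S/C:P/I:N/A:N |
| vendor_msrc | — | 6.8 | MEDIUM | — |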
GHSA
GHSA-559g-xmx4-7w7v: Azure Virtual Machine Information Disclosure Vulnerability
ghsa_unreviewed·2022-05-24
CVE-2021-27075 [MEDIUM] GHSA-559g-xmx4-7w7v: Azure Virtual Machine Information Disclosure Vulnerability
Microsoft
Azure Virtual Machine Information Disclosure Vulnerability
vendor_msrc·2021-03-09·CVSS 6.8
CVE-2021-27075 [MEDIUM] Azure Virtual Machine Information Disclosure Vulnerability
FAQ: What type of information could be disclosed by this vulnerability?
Exploiting this vulnerability could allow a low privileged user to gain virtual machine credentials as well as credentials to extensions associated with the virtual machine.
What are some of the services affected by this vulnerability?
The following table lists some of the affected services, and the changes associated with the remedy for this vulnerability:
| Affected Product | Remedy | Action on customers |
|---|---|---|
| Azure Container Instance | The ability for containers to be able to talk to the metadata and wireserver endpoints was disabled as part of this release. The underlying platform now applies network ACLs to block the outgoing traffic to those services. | None |
Azure
No detection rules found.
No public exploits indexed.
Published: 2021-03-11