CVE-2022-30137 — Microsoft Service Fabric vulnerability

6 documents5 sources

Severity

6.7MEDIUMNVD

EPSS

0.4%

top 36.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Service Fabric

Timeline

PublishedJun 15

Latest updateJun 28

Description

Executive Summary An Elevation of Privilege (EOP) vulnerability has been identified within Service Fabric clusters that run Docker containers. Exploitation of this EOP vulnerability requires an attacker to gain remote code execution within a container. All Service Fabric and Docker versions are impacted.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages1 packages

▶CVEListV5microsoft/service_fabricN/A

Patches

Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-c3gg-844m-3p5q: Azure Service Fabric Container Elevation of Privilege Vulnerability↗2022-06-16

▶

CVEList

Azure Service Fabric Container Elevation of Privilege Vulnerability↗2022-06-15

▶

📋Vendor Advisories

Microsoft

Azure Service Fabric Container Elevation of Privilege Vulnerability↗2022-06-14

▶

🕵️Threat Intelligence

Unit42

FabricScape: Escaping Service Fabric and Taking Over the Cluster↗2022-06-28

▶

Unit42

FabricScape: Escaping Service Fabric and Taking Over the Cluster↗2022-06-28

▶