CVE-2022-41085
published 2022-11-09CVE-2022-41085: Azure CycleCloud Elevation of Privilege Vulnerability
PriorityP344high8.8CVSS 3.1
AVAACLPRNUINSUCHIHAH
EPSS
0.67%
47.3th percentile
Azure CycleCloud Elevation of Privilege Vulnerability
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | azure_cyclecloud | — | — |
| microsoft | azure_cyclecloud | — | — |
| microsoft | azure_cyclecloud_7 | >= 7.0 < 7.9.11 | 7.9.11 |
| microsoft | azure_cyclecloud_8.0.0 | >= 8.0.0 < 8.3.0 | 8.3.0 |
| msrc | azure_cyclecloud_7 | — | — |
| msrc | azure_cyclecloud_8.0.0 | — | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vendor_msrc7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-q26v-jx3p-cxqm: Azure CycleCloud Elevation of Privilege Vulnerability
ghsa_unreviewed·2022-11-10
CVE-2022-41085 [HIGH] GHSA-q26v-jx3p-cxqm: Azure CycleCloud Elevation of Privilege Vulnerability
Azure CycleCloud Elevation of Privilege Vulnerability.
Microsoft
Azure CycleCloud Elevation of Privilege Vulnerability
vendor_msrc·2022-11-08·CVSS 7.5
CVE-2022-41085 [HIGH] Azure CycleCloud Elevation of Privilege Vulnerability
Azure CycleCloud Elevation of Privilege Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to brute force authentication and obtain a successful login.
FAQ: What versions are impacted by this vulnerability?
All versions are impacted and should be updated based on the documentation provided in the CVE.
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could gain administrator privileges.
FAQ: According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?
Successful exploitation of this vuln
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-11-09
Published