{ "document" : { "aggregate_severity" : { "text" : "hoch" }, "category" : "csaf_base", "csaf_version" : "2.0", "distribution" : { "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "de-DE", "notes" : [ { "category" : "legal_disclaimer", "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen." }, { "category" : "description", "text" : "Azure ist eine Cloud Computing-Plattform von Microsoft.", "title" : "Produktbeschreibung" }, { "category" : "summary", "text" : "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in Microsoft Azure ausnutzen, um seine Privilegien zu erhöhen oder beliebigen Code auszuführen.", "title" : "Angriff" }, { "category" : "general", "text" : "- Windows", "title" : "Betroffene Betriebssysteme" } ], "publisher" : { "category" : "other", "contact_details" : "csaf-provider@cert-bund.de", "name" : "Bundesamt für Sicherheit in der Informationstechnik", "namespace" : "https://www.bsi.bund.de" }, "references" : [ { "category" : "self", "summary" : "WID-SEC-W-2024-3454 - CSAF Version", "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-3454.json" }, { "category" : "self", "summary" : "WID-SEC-2024-3454 - Portal Version", "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-3454" }, { "category" : "external", "summary" : "Microsoft Leitfaden für Sicherheitsupdates", "url" : "https://msrc.microsoft.com/update-guide/" } ], "source_lang" : "en-US", "title" : "Microsoft Azure: Mehrere Schwachstellen", "tracking" : { "current_release_date" : "2024-11-12T23:00:00.000+00:00", "generator" : { "date" : "2024-11-13T12:46:13.208+00:00", "engine" : { "name" : "BSI-WID", "version" : "1.3.8" } }, "id" : "WID-SEC-W-2024-3454", "initial_release_date" : "2024-11-12T23:00:00.000+00:00", "revision_history" : [ { "date" : "2024-11-12T23:00:00.000+00:00", "number" : "1", "summary" : "Initiale Fassung" } ], "status" : "final", "version" : "1" } }, "product_tree" : { "branches" : [ { "branches" : [ { "branches" : [ { "category" : "product_version", "name" : "CycleCloud 8.2.0", "product" : { "name" : "Microsoft Azure CycleCloud 8.2.0", "product_id" : "T039105", "product_identification_helper" : { "cpe" : "cpe:/a:microsoft:azure:cyclecloud_8.2.0" } } }, { "category" : "product_version", "name" : "CycleCloud 8.0.0", "product" : { "name" : "Microsoft Azure CycleCloud 8.0.0", "product_id" : "T039106", "product_identification_helper" : { "cpe" : "cpe:/a:microsoft:azure:cyclecloud_8.0.0" } } }, { "category" : "product_version", "name" : "CycleCloud 8.6.0", "product" : { "name" : "Microsoft Azure CycleCloud 8.6.0", "product_id" : "T039107", "product_identification_helper" : { "cpe" : "cpe:/a:microsoft:azure:cyclecloud_8.6.0" } } }, { "category" : "product_version", "name" : "CycleCloud 8.0.1", "product" : { "name" : "Microsoft Azure CycleCloud 8.0.1", "product_id" : "T039108", "product_identification_helper" : { "cpe" : "cpe:/a:microsoft:azure:cyclecloud_8.0.1" } } }, { "category" : "product_version", "name" : "CycleCloud 8.0.2", "product" : { "name" : "Microsoft Azure CycleCloud 8.0.2", "product_id" : "T039109", "product_identification_helper" : { "cpe" : "cpe:/a:microsoft:azure:cyclecloud_8.0.2" } } }, { "category" : "product_version", "name" : "CycleCloud 8.1.0", "product" : { "name" : "Microsoft Azure CycleCloud 8.1.0", "product_id" : "T039110", "product_identification_helper" : { "cpe" : "cpe:/a:microsoft:azure:cyclecloud_8.1.0" } } }, { "category" : "product_version", "name" : "CycleCloud 8.1.1", "product" : { "name" : "Microsoft Azure CycleCloud 8.1.1", "product_id" : "T039111", "product_identification_helper" : { "cpe" : "cpe:/a:microsoft:azure:cyclecloud_8.1.1" } } }, { "category" : "product_version", "name" : "CycleCloud 8.2.2", "product" : { "name" : "Microsoft Azure CycleCloud 8.2.2", "product_id" : "T039112", "product_identification_helper" : { "cpe" : "cpe:/a:microsoft:azure:cyclecloud_8.2.2" } } }, { "category" : "product_version", "name" : "CycleCloud 8.2.1", "product" : { "name" : "Microsoft Azure CycleCloud 8.2.1", "product_id" : "T039113", "product_identification_helper" : { "cpe" : "cpe:/a:microsoft:azure:cyclecloud_8.2.1" } } }, { "category" : "product_version", "name" : "CycleCloud 8.3.0", "product" : { "name" : "Microsoft Azure CycleCloud 8.3.0", "product_id" : "T039114", "product_identification_helper" : { "cpe" : "cpe:/a:microsoft:azure:cyclecloud_8.3.0" } } }, { "category" : "product_version", "name" : "CycleCloud 8.4.0", "product" : { "name" : "Microsoft Azure CycleCloud 8.4.0", "product_id" : "T039115", "product_identification_helper" : { "cpe" : "cpe:/a:microsoft:azure:cyclecloud_8.4.0" } } }, { "category" : "product_version", "name" : "CycleCloud 8.4.1", "product" : { "name" : "Microsoft Azure CycleCloud 8.4.1", "product_id" : "T039116", "product_identification_helper" : { "cpe" : "cpe:/a:microsoft:azure:cyclecloud_8.4.1" } } }, { "category" : "product_version", "name" : "CycleCloud 8.4.2", "product" : { "name" : "Microsoft Azure CycleCloud 8.4.2", "product_id" : "T039117", "product_identification_helper" : { "cpe" : "cpe:/a:microsoft:azure:cyclecloud_8.4.2" } } }, { "category" : "product_version", "name" : "CycleCloud 8.5.0", "product" : { "name" : "Microsoft Azure CycleCloud 8.5.0", "product_id" : "T039118", "product_identification_helper" : { "cpe" : "cpe:/a:microsoft:azure:cyclecloud_8.5.0" } } }, { "category" : "product_version", "name" : "CycleCloud 8.6.2", "product" : { "name" : "Microsoft Azure CycleCloud 8.6.2", "product_id" : "T039119", "product_identification_helper" : { "cpe" : "cpe:/a:microsoft:azure:cyclecloud_8.6.2" } } }, { "category" : "product_version", "name" : "CycleCloud 8.6.3", "product" : { "name" : "Microsoft Azure CycleCloud 8.6.3", "product_id" : "T039120", "product_identification_helper" : { "cpe" : "cpe:/a:microsoft:azure:cyclecloud_8.6.3" } } }, { "category" : "product_version", "name" : "CycleCloud 8.6.1", "product" : { "name" : "Microsoft Azure CycleCloud 8.6.1", "product_id" : "T039121", "product_identification_helper" : { "cpe" : "cpe:/a:microsoft:azure:cyclecloud_8.6.1" } } }, { "category" : "product_version", "name" : "CycleCloud 8.6.4", "product" : { "name" : "Microsoft Azure CycleCloud 8.6.4", "product_id" : "T039122", "product_identification_helper" : { "cpe" : "cpe:/a:microsoft:azure:cyclecloud_8.6.4" } } } ], "category" : "product_name", "name" : "Azure" } ], "category" : "vendor", "name" : "Microsoft" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2024-43602", "notes" : [ { "category" : "description", "text" : "Es bestehen mehrere Schwachstellen in Microsoft Azure. Diese Fehler bestehen in den Komponenten CycleCloud und Airlift.microsoft.com aufgrund einer unsachgemäßen Autorisierung. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Berechtigungen zu erweitern und beliebigen Code mit Root-Rechten auszuführen. Eine der Schwachstellen erfordert eine Benutzerinteraktion zur erfolgreichen Ausnutzung." } ], "product_status" : { "known_affected" : [ "T039109", "T039106", "T039117", "T039105", "T039116", "T039108", "T039119", "T039107", "T039118", "T039113", "T039112", "T039115", "T039114", "T039120", "T039111", "T039122", "T039110", "T039121" ] }, "release_date" : "2024-11-12T23:00:00.000+00:00", "title" : "CVE-2024-43602" }, { "cve" : "CVE-2024-49056", "notes" : [ { "category" : "description", "text" : "Es bestehen mehrere Schwachstellen in Microsoft Azure. Diese Fehler bestehen in den Komponenten CycleCloud und Airlift.microsoft.com aufgrund einer unsachgemäßen Autorisierung. Ein entfernter, authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Berechtigungen zu erweitern und beliebigen Code mit Root-Rechten auszuführen. Eine der Schwachstellen erfordert eine Benutzerinteraktion zur erfolgreichen Ausnutzung." } ], "product_status" : { "known_affected" : [ "T039109", "T039106", "T039117", "T039105", "T039116", "T039108", "T039119", "T039107", "T039118", "T039113", "T039112", "T039115", "T039114", "T039120", "T039111", "T039122", "T039110", "T039121" ] }, "release_date" : "2024-11-12T23:00:00.000+00:00", "title" : "CVE-2024-49056" } ] }