10

CVE-2022-37968

EPSS 4.5%
Veröffentlicht 11.10.2022 19:15:12
Zuletzt bearbeitet 02.01.2025 22:15:10
Quelle secure@microsoft.com
Teams Watchlist Login
Unerledigt Login

Microsoft has identified a vulnerability affecting the cluster connect feature of Azure Arc-enabled Kubernetes clusters. This vulnerability could allow an unauthenticated user to elevate their privileges and potentially gain administrative control over the Kubernetes cluster. Additionally, because Azure Stack Edge allows customers to deploy Kubernetes workloads on their devices via Azure Arc, Azure Stack Edge devices are also vulnerable to this vulnerability.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Azure Arc-enabled Kubernetes Version1.5.8

Microsoft ≫ Azure Arc-enabled Kubernetes Version1.6.19

Microsoft ≫ Azure Arc-enabled Kubernetes Version1.7.18

Microsoft ≫ Azure Arc-enabled Kubernetes Version1.8.11

Microsoft ≫ Azure Stack Edge Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.5%	0.887

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
secure@microsoft.com	10	3.9	6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-37968

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-37968

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-37968

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-37968

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-37968

EUVD