SB2022071222 - Multiple vulnerabilities in Microsoft Azure Site Recovery
Published: July 12, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 32 secuirty vulnerabilities.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-33657)
The vulnerability allows a remote administrator to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Azure Site Recovery, which leads to security restrictions bypass and privilege escalation.
2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-30181)
The vulnerability allows a remote administrator to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Azure Site Recovery, which leads to security restrictions bypass and privilege escalation.
3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-33641)
The vulnerability allows a remote administrator to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Azure Site Recovery, which leads to security restrictions bypass and privilege escalation.
4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-33642)
The vulnerability allows a remote administrator to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Azure Site Recovery, which leads to information dislocure and privilege escalation.
5) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-33643)
The vulnerability allows a remote administrator to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Azure Site Recovery, which leads to security restrictions bypass and privilege escalation.
6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-33659)
The vulnerability allows a remote administrator to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Azure Site Recovery, which leads to information disclosure and privilege escalation.
7) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-33660)
The vulnerability allows a remote administrator to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Azure Site Recovery, which leads to information disclosure and privilege escalation.
8) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-33661)
The vulnerability allows a remote administrator to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Azure Site Recovery, which leads to security restrictions bypass and privilege escalation.
9) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-33662)
The vulnerability allows a remote administrator to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Azure Site Recovery, which leads to security restrictions bypass and privilege escalation.
10) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-33663)
The vulnerability allows a remote administrator to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Azure Site Recovery, which leads to security restrictions bypass and privilege escalation.
11) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-33664)
The vulnerability allows a remote administrator to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Azure Site Recovery, which leads to information disclosure and privilege escalation.
12) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-33665)
The vulnerability allows a remote administrator to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Azure Site Recovery, which leads to security restrictions bypass and privilege escalation.
13) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-33666)
The vulnerability allows a remote administrator to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Azure Site Recovery, which leads to security restrictions bypass and privilege escalation.
14) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-33667)
The vulnerability allows a remote administrator to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Azure Site Recovery, which leads to security restrictions bypass and privilege escalation.
15) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-33669)
The vulnerability allows a remote administrator to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Azure Site Recovery, which leads to information disclosure and privilege escalation.
16) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-33671)
The vulnerability allows a remote administrator to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Azure Site Recovery, which leads to information disclosure and privilege escalation.
17) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-33672)
The vulnerability allows a remote administrator to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Azure Site Recovery, which leads to security restrictions bypass and privilege escalation.
18) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-33673)
The vulnerability allows a remote administrator to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Azure Site Recovery, which leads to security restrictions bypass and privilege escalation.
19) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-33674)
The vulnerability allows a remote attacker on the local network to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Azure Site Recovery, which leads to security restrictions bypass and privilege escalation.
20) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-33675)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Azure Site Recovery, which leads to security restrictions bypass and privilege escalation.
21) Input validation error (CVE-ID: CVE-2022-33676)
The vulnerability allows a remote user to execute arbitrary code on the system.
The vulnerability exists due to insufficient validation of user-supplied input in Azure Site Recovery. A remote administrator can pass specially crafted input to the application and execute arbitrary code on the target system.
22) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-33677)
The vulnerability allows a remote administrator to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Azure Site Recovery, which leads to security restrictions bypass and privilege escalation.
23) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-33678)
The vulnerability allows a remote administrator to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Azure Site Recovery, which leads to security restrictions bypass and privilege escalation.
24) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-33668)
The vulnerability allows a remote administrator to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Azure Site Recovery, which leads to information disclosure and privilege escalation.
25) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-33658)
The vulnerability allows a remote administrator to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Azure Site Recovery, which leads to information disclosure and privilege escalation.
26) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-33650)
The vulnerability allows a remote administrator to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Azure Site Recovery, which leads to information disclosure and privilege escalation.
27) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-33651)
The vulnerability allows a remote administrator to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Azure Site Recovery, which leads to information disclosure and privilege escalation.
28) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-33652)
The vulnerability allows a remote administrator to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Azure Site Recovery, which leads to information disclosure and privilege escalation.
29) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-33653)
The vulnerability allows a remote administrator to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Azure Site Recovery, which leads to information disclosure and privilege escalation.
30) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-33654)
The vulnerability allows a remote administrator to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Azure Site Recovery, which leads to information disclosure and privilege escalation.
31) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-33655)
The vulnerability allows a remote administrator to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Azure Site Recovery, which leads to security restrictions bypass and privilege escalation.
32) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-33656)
The vulnerability allows a remote administrator to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in Azure Site Recovery, which leads to security restrictions bypass and privilege escalation.
Remediation
Install update from vendor's website.
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33657
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30181
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33641
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33642
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33643
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33659
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33660
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33661
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33662
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33663
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33664
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33665
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33666
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33667
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33669
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33671
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33672
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33673
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33674
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33675
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33676
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33677
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33678
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33668
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33658
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33650
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33651
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33652
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33653
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33654
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33655
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-33656