Multiple vulnerabilities in Microsoft Azure Sphere
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | N/A |
| CWE-ID | CWE-284 CWE-20 CWE-119 |
| Exploitation vector | Local |
| Public exploit | Public exploit code for vulnerability #2 is available. |
| Vulnerable software Subscribe |
Azure Sphere Server applications / SCADA systems |
| Vendor | Microsoft |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
Updated 07.10.2020
Added vulnerabilities #5-6
1) Improper access control
EUVDB-ID: #VU46009
Risk: Low
CVSSv3.1: 7.3 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the normal world’s signed code execution functionality. A local attacker can use a specially crafted shellcode that modifies the program at runtime via "/proc/thread-self/mem" and execute arbtrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAzure Sphere: 20.07
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1138
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper access control
EUVDB-ID: #VU46012
Risk: Low
CVSSv3.1: 5.6 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:P/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the normal world’s signed code execution functionality. A local attacker can use a specially crafted shellcode that sets the "READ_IMPLIES_EXEC" personality and execute arbtrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAzure Sphere: 20.06
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1128
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Improper access control
EUVDB-ID: #VU46011
Risk: Low
CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the Capability access control functionality. A local attacker can use a set of specially crafted ptrace syscalls, bypass implemented security restrictions and gain elevated privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAzure Sphere: 20.06
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1133
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Input validation error
EUVDB-ID: #VU46010
Risk: Low
CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input in the "uid_map" functionality. A local attacker can ise a specially crafted uid_map file, cause multiple applications to get the same UID assigned and gain elevated privileges on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAzure Sphere: 20.06
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1137
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Improper access control
EUVDB-ID: #VU47396
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the normal world’s signed code execution functionality. A local user can send a specially crafted AF_PACKET socket and execute arbitrary code on the target system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAzure Sphere: 20.07
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1134
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Buffer overflow
EUVDB-ID: #VU47397
Risk: Low
CVSSv3.1: 8.1 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: N/A
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the Pluton SIGN_WITH_TENANT_ATTESTATION_KEY functionality. A local attacker can use specially crafted ioctl calls, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsAzure Sphere: 20.07
External linkshttp://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1139
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
