Main Vulnerability Database Vulnerabilities #VU69154

Command Injection in Azure CLI - CVE-2022-39327

Published: November 9, 2022

Vulnerability identifier: #VU69154

CSH Severity: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2022-39327

CWE-ID: CWE-77

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Azure CLI

Software vendor:
Microsoft

Description

The vulnerability allows a remote attacker to execute arbitrary commands on the target system.

The vulnerability exists due to improper input validation. A remote attacker can pass specially crafted data to the application and execute arbitrary commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install updates from vendor's website.

External links

https://github.com/Azure/azure-cli/security/advisories/GHSA-47xc-9rr2-q7p4
https://github.com/Azure/azure-cli/pull/23514
https://github.com/Azure/azure-cli/pull/24015
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-39327

Command Injection in Azure CLI - CVE-2022-39327

Description

Remediation

External links

Please verify you're human