Vulnerability identifier: #VU25981
Vulnerability risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-264
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Service Fabric
Other software /
Other software solutions
Vendor: Microsoft
Description
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists in Service Fabric File Store Service under certain conditions. A remote attacker can gain rights to the Service Fabric File Store Service if the node is exposed externally via SMB or SCP standard ports and they are using the impacted configuration.
Mitigation
Install updates from vendor's website.
Vulnerable software versions
Service Fabric: 7.0 CU3
External links
http://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0902
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.