CVE-2019-1372

Published: 10/10/2019 Updated: 24/08/2020
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 10 | Impact Score: 6 | Exploitability Score: 3.9
VMScore: 891
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

A remote code execution vulnerability exists when Azure App Service/Antares on Azure Stack fails to check the length of a buffer prior to copying memory to it, aka 'Azure App Service Remote Code Execution Vulnerability'. An attacker who successfully exploited this vulnerability could allow an unprivileged function run by the user to execute code in the context of NT AUTHORITY\system, thereby escaping the Sandbox. The security update addresses the vulnerability by ensuring that Azure App Service sanitizes user inputs.

Vulnerable Product

microsoft azure app service on azure stack

Github Repositories

Azure Hacking: Initial Access. Background - Azure vs ASDK: Microsoft has an on-premise Azure environment called Azure Stack which is meant primarily for enterprise usage. There is also a version called Azure Stack Development Kit (ASDK) which is free. Main Differences: Scalability: ASDK runs on a single instance with limited resources and all of its roles run as separate VMs han

Cloud-Security-Purple-Teaming: Introduction. In this paper, we will go over many different aspects to red teaming and blue teaming in regards to cloud security, mainly Microsoft Azure. We will tackle the stages of an attack lifecycle that a hacker would use to attack Microsoft Azure as well as the ways to detect and prevent these attacks. We will also go over how to set up loggin

Recent Articles

Microsoft Patch Tuesday – October 2019
Symantec Threat Intelligence Blog • Ratheesh PM • 09 Oct 2024

This month the vendor has patched 59 vulnerabilities, 9 of which are rated Critical.

Posted: 9 Oct, 2019 | 18 Min Read

As always, customers are advised to follow these security best practices: Install vendor patches as soon as they are available. Run all soft...

You know the deal: October 2019. Pwned by a spreadsheet. Patch your Microsoft stuff
The Register • Shaun Nichols in San Francisco • 08 Oct 2019

On the bright side, nothing from Adobe to install this month
MacOS 'Catalina' 10.15 comes packed with exclusive security fixes – gee, thanks, Apple

Patch Tuesday October brings a relatively light patch load for admins and users, thanks to Adobe's decision to sit out this month's update bonanza. For Microsoft, the Patch Tuesday update is a manageable 59 CVE-listed bugs for Windows, Edge, Office, and Azure. Among the nine critical issues patched this month is CVE-2019-1372, a flaw in Azure that allows end-users running on virtual machines to send and execute code on the host machines. This is particularly bad because it is, in essence, both a...
