CVE-2021-42306

Published: 24/11/2021 Updated: 28/12/2023
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 8.1 | Impact Score: 5.2 | Exploitability Score: 2.8
VMScore: 356
CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

<p>An information disclosure vulnerability manifests when a user or an application uploads unprotected private key data as part of an authentication certificate <a href="docs.microsoft.com/en-us/graph/api/resources/keycredential?view=graph-rest-1.0">keyCredential</a> on an Azure AD <a href="docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals">Application or Service Principal</a> (which is not recommended). This vulnerability allows a user or service in the tenant with application read access to read the private key data that was added to the application.</p>
<p>Azure AD addressed this vulnerability by preventing disclosure of any private key values added to the application.</p>
<p>Microsoft has identified services that could manifest this vulnerability, and steps that customers should take to be protected. Refer to the FAQ section for more information.</p>
<p>For more details on this issue, please refer to the <a href="aka.ms/CVE-2021-42306-AAD">MSRC Blog Entry</a>.</p>
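As an added example (not from this page, Microsoft or Vulmon), a defender-side audit in the spirit of the remediation described above: given application objects as Microsoft Graph returns them, it decodes each keyCredential's base64 `key` value and flags entries that carry private key material (a PEM private-key block, or DER whose outer SEQUENCE opens with an INTEGER version, as PKCS#12 and PKCS#8 do, while an X.509 certificate opens with the tbsCertificate SEQUENCE) instead of a bare certificate. The `type` values `AsymmetricX509Cert` and `X509CertAndPassword` are assumed from the Graph keyCredential resource; the sample objects are constructed.

```python
import base64
import re
PEM_PRIVATE = re.compile(rb"-----BEGIN [A-Z ]*PRIVATE KEY-----")
PEM_CERT = re.compile(rb"-----BEGIN CERTIFICATE-----")
EXPOSED = {"pem-private-key", "der-private-key-or-pkcs12", "x509-cert-and-password"}

def der_inner_tag(blob):
    """Tag of the first element inside an outer DER SEQUENCE, or None if there is none."""
    if len(blob) < 3 or blob[0] != 0x30:
        return None
    start = 2 if blob[1] < 0x80 else 2 + (blob[1] & 0x7F)  # short vs long-form length
    return blob[start] if start < len(blob) else None

def classify_key_blob(raw):
    """Say what a decoded keyCredential.key blob looks like."""
    if PEM_PRIVATE.search(raw):
        return "pem-private-key"
    if PEM_CERT.search(raw):
        return "pem-certificate"
    tag = der_inner_tag(raw)
    if tag == 0x30:  # Certificate ::= SEQUENCE { tbsCertificate SEQUENCE, ... }
        return "der-certificate"
    if tag == 0x02:  # PFX, PrivateKeyInfo and RSAPrivateKey all open with an INTEGER version
        return "der-private-key-or-pkcs12"
    return "unknown"

def find_exposed_private_keys(apps):
    """One finding per keyCredential that appears to carry private key material."""
    findings = []
    for app in apps:
        for cred in app.get("keyCredentials") or []:
            if not cred.get("key"):  # null once the service withholds the value
                continue
            verdict = classify_key_blob(base64.b64decode(cred["key"]))
            if cred.get("type") == "X509CertAndPassword":  # password-protected PFX: key inside
                verdict = "x509-cert-and-password"
            if verdict in EXPOSED:
                findings.append({"appId": app.get("appId"), "keyId": cred.get("keyId"), "reason": verdict})
    return findings
def _b64(b):
    return base64.b64encode(b).decode()
# Constructed sample (DER prefixes only, enough for the structural check); not real tenant data.
SAMPLE_APPS = [
    {"appId": "app-ok", "keyCredentials": [
        {"keyId": "k1", "type": "AsymmetricX509Cert", "key": _b64(bytes.fromhex("3082010a308200f6a003020102"))}]},
    {"appId": "app-bad", "keyCredentials": [
        {"keyId": "k2", "type": "AsymmetricX509Cert", "key": _b64(bytes.fromhex("30820100020100300d06092a864886f70d01"))},
        {"keyId": "k3", "type": "X509CertAndPassword", "key": _b64(bytes.fromhex("308206c4020103308206"))}]},
    {"appId": "app-redacted", "keyCredentials": [{"keyId": "k4", "type": "AsymmetricX509Cert", "key": None}]},
]
```

Run `find_exposed_private_keys(SAMPLE_APPS)` to get the two flagged credentials; against a real tenant the input would be the `keyCredentials` of the `/applications` and `/servicePrincipals` listings, which matters mostly for exports taken before the fix since the service no longer discloses the values.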

Vulnerable Products

microsoft azure migrate

microsoft azure active site recovery

microsoft azure automation

microsoft azure active directory

Recent Articles

Infosec bods: After more than a year, Sky gets round to squashing hijacking bug in 6m home broadband routers
The Register • Iain Thomson in San Francisco • 23 Nov 2021

Plus: DNS cache poisoning again, cops probe property conveyancing group's IT outage, Azure hole addressed, and more

In brief Sky has fixed a flaw in six million of its home broadband routers, and it only took the British broadcaster'n'telecoms giant a year to do so, infosec researchers have said. We're told that the vulnerability could be exploited by tricking a subscriber into viewing a malicious webpage. If an attack was successful, their router would fall under the attacker's control, allowing the crook to open up ports to access other devices on the local network, change the LAN's default DNS settings to ...