Page 2 of 14 results (0.004 seconds)

CVSS: 7.5EPSS: 7%CPEs: 1EXPL: 0

Microsoft Defender for IoT Information Disclosure Vulnerability Una vulnerabilidad de Divulgación de Información de Microsoft Defender for IoT • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43888 •

CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 0

Microsoft Defender for IoT Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota de Microsoft Defender for IoT. Este ID de CVE es diferente de CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43889 This vulnerability allows remote attackers to bypass authentication on affected installations of Microsoft Azure Defender for IoT console and sensor appliances. Authentication is not required to exploit this vulnerability. The specific flaw exists within the password reset mechanism. The issue results from the lack of proper validation of a certificate chain. An attacker can leverage this vulnerability to bypass authentication on the system. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-43882 https://www.zerodayinitiative.com/advisories/ZDI-21-1553 • CWE-295: Improper Certificate Validation •

CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0

Microsoft Defender for IoT Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota de Microsoft Defender de IoT. Este ID de CVE es diferente de CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-43882, CVE-2021-43889 • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42315 •

CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0

Microsoft Defender for IoT Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota de Microsoft Defender de IoT. Este ID de CVE es diferente de CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42315, CVE-2021-43882, CVE-2021-43889 • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42314 •

CVSS: 10.0EPSS: 5%CPEs: 1EXPL: 0

Microsoft Defender for IoT Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota de Microsoft Defender de IoT. Este ID de CVE es diferente de CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42314, CVE-2021-42315, CVE-2021-43882, CVE-2021-43889 This vulnerability allows remote attackers to bypass authentication on affected installations of Microsoft Azure Defender for IoT. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sync endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to bypass authentication on the system and execute arbitrary code in the context of root. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42313 https://www.zerodayinitiative.com/advisories/ZDI-21-1555 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •