CVE-2021-42312 – Microsoft Defender for IoT Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2021-42312
Microsoft Defender for IOT Elevation of Privilege Vulnerability Una vulnerabilidad de Elevación de Privilegios de Microsoft Defender para IOT Microsoft Defender for IoT Elevation of Privilege Vulnerability • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42312 •
CVE-2021-42310 – Microsoft Defender for IoT Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-42310
Microsoft Defender for IoT Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota de Microsoft Defender de IoT. Este ID de CVE es diferente de CVE-2021-41365, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43882, CVE-2021-43889 • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42310 •
CVE-2021-42311 – Microsoft Defender for IoT Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-42311
Microsoft Defender for IoT Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota de Microsoft Defender de IoT. Este ID de CVE es diferente de CVE-2021-41365, CVE-2021-42310, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43882, CVE-2021-43889 This vulnerability allows remote attackers to bypass authentication on affected installations of Microsoft Azure Defender for IoT. Authentication is not required to exploit this vulnerability. The specific flaw exists within the update-handshake endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to bypass authentication on the system and execute arbitrary code in the context of root. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-42311 https://www.zerodayinitiative.com/advisories/ZDI-21-1556 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2021-41365 – Microsoft Defender for IoT Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-41365
Microsoft Defender for IoT Remote Code Execution Vulnerability Una vulnerabilidad de Ejecución de Código Remota de Microsoft Defender de IoT. Este ID de CVE es diferente de CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43882, CVE-2021-43889 This vulnerability allows remote attackers to escalate privileges on affected installations of Microsoft Azure Defender for IoT. Authentication is required to exploit this vulnerability. The specific flaw exists within the maintenanceWindow endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-41365 https://www.zerodayinitiative.com/advisories/ZDI-21-1595 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •