CVE Vulnerability

CVE-2022-39327

Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azure CLI contains a vulnerability for potential code injection. Critical scenarios are where a hosting machine runs an Azure CLI command where parameter values have been provided by an external source. The vulnerability is only applicable when the Azure CLI command is run on a Windows machine and with any version of PowerShell and when the parameter value contains the `&` or `|` symbols. If any of these prerequisites are not met, this vulnerability is not applicable. Users should upgrade to version 2.40.0 or greater to receive a a mitigation for the vulnerability.

9.8 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/Azure/azure-cli/security/advisories/GHSA-47xc-9rr2-q7p4 Exploit Mitigation
https://github.com/Azure/azure-cli/pull/23514 Exploit Patch
https://github.com/Azure/azure-cli/pull/24015 Patch Third Party Advisory
Configurations

Configuration 1
Information

Published : 2022-10-25 05:15

Updated : 2022-10-28 07:25

NVD link : CVE-2022-39327

Mitre link : CVE-2022-39327

Products Affected

Microsoft

Windows

CWE
CWE-94