CVE-2022-44699: Azure Network Watcher Agent Security Feature Bypass Vulnerability

Overview

Severity: Medium (CVSS 5.5)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:F/RL:O/RC:C
Category: Security Feature Bypass
Exploit Status: Not Exploited
Exploitation Likelihood: Less Likely
Patch Tuesday: 2022-Dec
Released: 2022-12-13
EPSS Score: 0.69% (percentile: 71.8%)

FAQ

What is Network Watcher?

Azure Network Watcher provides tools to monitor, diagnose, view metrics, and enable or disable logs for resources in an Azure virtual network. Network Watcher is designed to monitor and repair the network health of IaaS (Infrastructure-as-a-Service) products including Virtual Machines (VM), Virtual Networks, Application Gateways, Load balancers, etc. For more details, please refer to: "What is Azure Network Watcher?"

How could an attacker exploit this vulnerability?

An attacker with permissions to perform Run Commands on Linux VMs hosting the Azure Network Watcher VM extension could terminate the ongoing Packet Capture created via Network Watcher. This could result in the loss of the on-going network packet capture data and limit troubleshooting and diagnostic capabilities.

What is Network Watcher Agent?

Azure Network Watcher Agent is a virtual machine (VM) extension required for capturing network traffic on demand and using other advanced monitoring and diagnostics capabilities such as Connection Monitor, Connection Troubleshoot and Packet Capture.

For Windows VM, please refer to: https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/network-watcher-windows

For Linux VM, please refer to: https://learn.microsoft.com/en-us/azure/virtual-machines/extensions/network-watcher-linux

How do I know if I am affected by this vulnerability?

Only customers running a Linux VM that has the Azure Network Watcher VM extension installed are susceptible to this vulnerability.

Affected Products (1)

Azure

  • Azure Network Watcher VM Extension

Security Updates (1)

Acknowledgments

Ryan Nicholson (https://twitter.com/ryananicholson) with Blue Mountain Cyber (https://www.bluemountaincyber.com/)

Revision History

  • 2022-12-13: Information published.