CVE-2024-43591: Azure Command Line Integration (CLI) Elevation of Privilege Vulnerability

Overview

Severity: High (CVSS 8.7)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H/E:U/RL:O/RC:C
Category: Elevation of Privilege
Exploit Status: Not Exploited
Exploitation Likelihood: Less Likely
Patch Tuesday: 2024-Oct
Released: 2024-10-08
EPSS Score: 0.38% (percentile: 59.4%)

FAQ

What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.

According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires the attacker to be assigned the role of “Security Admin” or “Contributor”.

According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?
The vulnerability enables an attacker to run specific Azure CLI commands to perform service management operations or deploy other Azure resources in the victim's subscription.

How could an attacker exploit the vulnerability?
An attacker assigned the role of "Security Admin" or "Contributor" in the target environment could run specific Azure CLI commands that result in certain service management operations being performed with System level permissions in Azure Defender for Cloud. An attacker could use this vulnerability to deploy or manage Defender for Cloud resources they are not permitted to access.

Affected Products (2)

Azure

  • Azure CLI
  • Azure Service Connector

Security Updates (1)

Acknowledgments

Peng Zhou (zpbrent) (https://zpbrent.github.io/) with Shanghai University

Revision History

  • 2024-10-08: Information published.