Deserialization of untrusted data in Azure Monitor Agent allows an authorized attacker to elevate privileges locally.
According to the CVSS metric, the attack vector is local (AV:L) and the privilege required is none (PR:L). What privileges could an attacker gain with successful exploitation? A local user could take advantage of this vulnerability and perform elevation of privilege (EOP). By successfully exploiting this vulnerability, the attacker could elevate their privileges to obtain root level access on the virtual machine. According to the CVSS metric, the attack complexity is high (AC:H). What is does this mean in the context of the elevation of privilege vulnerability? In order to successfully exploit this vulnerability, the attacker requires write access to the configuration directory by creating malicious files in a directory before the Azure Monitor Agent is installed or before the service starts after system restart.
P1hcn