SummitRoute/csp_security_mistakes

App Service RCE / Sandbox Escape (CVE-2019-1372)

r0nen opened this issue · 0 comments

r0nen commented

Azure App Service RCE / Sandbox Escape (CVE-2019-1372)

  • Summary: A vulnerability in App Service could allow an unprivileged function run by the user to execute code in the context of NT AUTHORITY\system, thereby escaping the sandbox. This vulnerability allowed cross-account access when using the Free/Shared tier.
  • Platform: Azure
  • Severity: Critical
  • Date: Reported: June 27, 2019, Published: January 30, 2020
  • Discoverer: Ronen Shustin (@ronenshh)
  • Customer action: Azure Cloud - N/A, Azure Stack / Windows Azure Pack Web Sites V2 - Manual Update
  • References: https://research.checkpoint.com/2020/remote-cloud-execution-critical-vulnerabilities-in-azure-cloud-infrastructure-part-ii/