Microsoft Security Response Center

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** The user would have to click on a specially crafted URL to be compromised by the attacker.

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained ("sandboxed") execution environment to a Medium Integrity Level or a High Integrity Level. Please refer to AppContainer isolation and Mandatory Integrity Control for more information.

**According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability?** An authorized attacker must be on the network to monitor domain network traffic (PR:L) while monitoring for user (UI:R) generated network traffic, or alternatively that attacker convinces an authenticated user to execute a malicious script, as a step to exploit this vulnerability.

**According to the CVSS metric, the attack vector is adjacent (AV:A). What does that mean for this vulnerability?** An authenticated attacker could exploit this vulnerability with LAN access.

**According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability?** An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality.

**According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?** This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.

**What privileges could be gained by an attacker who successfully exploited the vulnerability?** The attacker who successfully exploited the vulnerability could elevate privileges to the Administrator role in the vulnerable Azure CycleCloud instance.

The following mitigating factor might be helpful in your situation: Consider upgrading to Defender for IoT version 24.1.4 or newer.

**According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability?** This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network.

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to possess advanced reverse engineering skills to identify and gain unauthorized access to specific remote procedure call (RPC) endpoints.