On March 30, 2022, SentinelOne announced their findings about Microsoft Azure Defender for IoT, detailing a handful of bugs and two critical remote code execution vulnerabilities. They also pointed out that these security flaws would take six months to address, which meant that an unauthenticated attacker could have exploited them to compromise and take over critical infrastructure networks. The two critical bugs in Defender for IoT are CVE-2021-42311 and CVE-2021-42313. Both are SQL injection vulnerabilities and received a 10/10 severity score. Attackers could exploit them without any authentication. The link below has more information about these bugs.
https://www.theregister.com/2022/03/30/sentinelone_microsoft_azure_iot/