Microsoft Azure Defender for IoT vulnerabilities could lead to ‘full network compromise’

We are excited to bring Transform 2022 back in-person July 19 and virtually July 20 – August 3. Join AI and data leaders for insightful talks and exciting networking opportunities. Learn More

Researchers at SentinelOne’s SentinelLabs today disclosed five critical vulnerabilities in Microsoft Azure Defender for IoT.

The vulnerabilities have a severity score as high as 10.0, SentinelLabs said.

“Successful attack may lead to full network compromise, since Azure Defender For IoT is configured to have a TAP (Terminal Access Point) on the network traffic,” the researchers said in a SentinelLabs blog post. “Access to sensitive information on the network could open a number of sophisticated attacking scenarios that could be difficult or impossible to detect.”

The vulnerabilities affect both cloud and on-premises customers, the researchers said, and are being tracked at the following CVE (Common Vulnerabilities and Exposures) numbers:

  • CVE-2021-42310
  • CVE-2021-42312
  • CVE-2021-37222
  • CVE-2021-42313
  • CVE-2021-42311

SentinelLabs says it reported its findings to Microsoft last June.

“Microsoft has released security updates to address these critical vulnerabilities,” the researchers said in the blog post. “Users are encouraged to take action immediately.”

SentinelLabs says it hasn’t found evidence of the vulnerabilities being exploited in the wild.

The vulnerabilities affect the service’s password reset mechanism, and “can be abused by remote attackers to gain unauthorized access,” the researchers said.

Additionally, “multiple SQL injection vulnerabilities in Defender for IoT [can] allow remote attackers to gain access without authentication,” the blog post says.

VentureBeat has reached out to Microsoft for comment.

Microsoft Defender for IoT is an agentless security solution for IoT and operational technology (OT) assets. The solution includes continuous IoT/OT asset discovery, threat detection and vulnerability management.

Given that Defender for IoT is a security product itself, SentinelLabs says that is research “raises serious questions about the security of security products themselves and their overall effect on the security posture of vulnerable sectors.”

VentureBeat’s mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn More


Follow me on Twitter:

Leave a Comment